works in chat message too, just got redirected to example.com and someone's embedding an audio file using their username so I'm guessing there's just no sanitization anywhere
You criticized about the random code generation function. Could you explain why it is bad? Though I code, I am no expert and would really like to know.
Reminds me of a little encrypted chat app I made with a friend a few weeks ago. Ours is intended for two-way communication: http://cifrachat.herokuapp.com/
This is misleading - it uses Firebase for the server! How can the OP claim that the server is not storing messages if the OP doesn't control the server?
I have no reason to trust that Firebase isn't storing the messages. Why should I?
18 comments
[ 3.3 ms ] story [ 49.5 ms ] threadhttps://ephchat.com/?room=%3C/title%3E%3Cimg%20src=%22http:/...
Also https://github.com/bmmayer/ephchat/issues/2
https://github.com/firebase/firechat
This is the proper way to do it (h/t @tptacek): http://sockpuppet.org/blog/2014/02/25/safely-generate-random...
mt_srand() + rand() is just hilarious. The md5(uniquid()) thing is a common randomness anti-pattern in PHP projects that needs to die in a fire.
In PHP, a very brief example of the code to achieve the proper way of generating randomness looks like the snippet I posted in the issue.
I have no reason to trust that Firebase isn't storing the messages. Why should I?
2. Click change name.
3. Paste the following contents and hit enter.