That was fantastic and fast, but it definitely needs Flood control http://www.irchelp.org/irchelp/mirc/flood.html and http://en.wikipedia.org/wiki/Internet_Relay_Chat_flood

Definitely needs flood control. Thanks for the ref. I'll read up on it.

I got a series of "lol" popup dialogs, then was pushed out of the room and returned to Hacker News. I was fairly frightened by this turn of events and won't return using my normal browser without some assurances that I'm not going to be victimized. I guess I'll fire up a virgin firefox profile and try some more.

On the user interface side, it would make sense if any line starting with "/" was interpreted as a command (legit or not). Otherwise, you'll have a lot of "/help" and so forth in the channels. Especially since "/print" is a valid command.

Update: Not sure, but I think someone has now injected some JS which causes everyone else in the channel to continuously spam it with the word "crash". Good times...

wow too bad it tanked so quickly with spammer types

very cool and thought provoking. BTW, I was "foo". :)

Feature request: When I log out & come back to a room, the conversation should still be there.

edit: interesting, someone just downvoted a bunch of comments here. HN has grown large and attractive to idjits. I upvoted the zeros back to ones.

Re: spam Well I was half expecting it. I suppose now we sorta know how it holds up to heavyish traffic, even if it's spam...

Thing is twich rooms don't hold any history. it works more like throwaway chatrooms atm.

Persistent rooms - I'm strongly considering implementing down the road.

You can spawn your own twich room by just linking to

http://twich.me/any_room_name or http://2wi.ch/any_room_name

Works on iOS and Android too.

Comments and feedback appreciated.

One neat thing would be what you would expect of a IRC client: when you hit <tab> it auto completes the nickname. That would improve actual discussions.

Also another neat thing would be a favicon. I say that because I got the channel pinned as an application (Google Chrome) and it shows a default icon.

looks great, can I control who is in my room if I make one?

This should definitely be a feature. Also, when somebody posts it scrolls down to the bottom. Sometimes the bottom half of the window showing the chat turns black and blocks out the text in opera on mac.

Bug (or feature I guess): if I scroll up and someone posts, it autoscrolls me down to the page.

Annoys me too. But overall, a nice thingy.

Agreed, the User Experience definitely needs a lot more work. Thanks for feedback.

If someone types an extended string of unbroken characters, you should break that string for them. If you don't, the horizontal autoscroll bar appears and actually blocks the 1 most recent comment.

Unless you've fixed a XSS bug in the hour since it was posted here, kudos on being the first Node.js chat site I've seen like this that was not vulnerable to XSS discoverable within ten seconds.

The actual app is pretty well xss proofed.

But, unfortunately if you go to this link...

    http://twich.me/<script>alert(document.cookie);</script>

(had to stick it in code block because HN auto marks it as spam)

Ah, alas, I stand corrected. That's a 10-second one. I didn't do much more than a 10-second pass, that's usually sufficient.

Unfortunately there was also another one in the youtube embedding feature, took half an hour to find :)

Open sourced code or it didn't happen.

How's it different from http://github.com/ry/node_chat?

Here's my clone with a shared jukebox: http://github.com/akkartik/node_chat

infinte rooms. so you just go to twitch.me/foobar and send other people that link. You're chatting with just those people.

Sure, you could host node_chat yourself, but a) then you have to host node_chat yourself, and b) if you found yourself in a situation where you wanted 2 rooms open at once, you'd have to start up another instance of node_chat.

Ah.

Great work, was fun till the spammers showed up.

You leaning towards open sourcing it or selling access to chat servers?

Thanks. Yeah I'll definitely have to work on the spamming. Leaning towards open sourcing it and maybe run a hosted service.

Also, do you intend on making it possible to use without javascript enabled? An iframe for the chat input and one for the output each doing long polls with meta refreshes should do it. Considerably less efficient of course, but opens the app to more users...

Can't read the dark grey on black.

Beautiful.

However, your restrictions on names are too strict. I should be able to use the name 話筒. Nice that I can use chinese characters in the chat room name though.

Do you have any intention to monetise this? If so, do you have any ideas you'd be willing to share?

hi everyone. suggestion: start your own twich by just linking to http://twich.me/[roomname]

and post the link to get others chatting with you. it's getting too crowded in the main room.

Interesting because injecting script tags shows them properly escaped but also seems to be evaluating them. Not sure how both can happen at the same time.

here's another long polling chat, in Python and with source code: http://chat.gevent.org

Really out of subject; but those colors are pretty cool. I wish I had a theme like that for Textmate or IRC.

Color scheme is homage to original nodechat demo which uses the same. http://chat.nodejs.org/

Love it, I'm at http://twich.me/chegra

I love the embedded YouTube :)

Would you like a pony too?

How about you build one?

Still vulnerable to XSS...

hmm... someone's stress testing http://2wi.ch/hackernews atm. let's adjourn someplace else. suggestions?

Slight bug: you can pass in %31 as your nick which makes it '1' bypassing the 3char limit.

Thanks for picking that up. I would've never picked it.

you need to re-evaluate how you are handling characters. you aren't escaping and encoding properly. there is no point in just smashing the little bugs that people bring up because it will still leave other things open. time to re-eval.

> "you aren't escaping properly ... re-eval"

  eval(eval(escape(string)))  ?

for (i=0;i<=500;i++) { $('input#entry').val('kjhjkh' + i); $('input#entry-btn').click(); } or you could just push it to the url

heaps of people have injected js too

while(1){ $('input#entry').val('hahaha'); $('input#entry-btn').click();}

Love the BitchX inspired theme :)

I love this one!!! I can start the group chat in a second!!!