Closed
Labels: bug (Something isn't working)
Description
The chat permits users to use HTML/CSS for formatting. This formatting can be used to post messages which perfectly resemble the look of chat messages sent by other people.
Possible choices:
- Accept the risk and document that it is supposed that all Jamulus users are well-behaved. One might argue that this is expected in other places as well (such as people not disturbing other groups' sessions or not attempting to cause confusion by deliberately duplicating usernames). The main difference may be that the audio of bad users can be muted, while chat messages can't (and maybe shouldn't, especially when someone is muted due to audio issues and the chat is being used to diagnose/help).
- Try preventing such misuse. I think this is hard and prone to being circumvented again. One could try forbidding all variations of `<br>`, `<p>`, `<div>` and `<anyelement style="display:block">` in order to disallow line breaks within one chat message. I think it's hard to catch all methods which cause line breaks. It will be even harder to do that with a regexp-based approach, without parsing HTML.
- Disable HTML for ordinary chat messages.
  - Personally, my impression is that HTML is often used for servers' welcome messages to provide some nicely structured header/information. This is no problem because the welcome message can only be changed by the server admin who has to be trusted anyway. Therefore, this could be left as-is.
  - I have seldom had the need to use HTML in my chat messages. I did not even know that this is possible until reading the relevant code. I don't know how many people currently rely on this feature and would be sad to see it going away.
  - Nevertheless, this would be a breaking change. The simplest implementation would probably be to force this server-side by HTML-escaping all user-supplied text.
  - If deemed necessary, it might still be useful to permit some formatting (bold text or something). This could be implemented by permitting Markdown or specific whitelisted HTML tags.
  - This option would also help to avoid the formatting-leaking behavior mentioned in "Sticky text alignment in chat" #869.
Personally, I do not care too much. I mainly opened this issue because it looks unintended and because other discussions revealed that some people do care a lot about preventing abuse of Jamulus features especially for less computer-addicted persons. :)
This issue is what I hinted at in #887.
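The third option above (escape all user-supplied text server-side, then optionally re-enable a few whitelisted tags) can be sketched as follows. This is an added example, not Jamulus code: the function names `htmlEscape` and `sanitizeChatText` and the `b`/`i` allowlist are assumptions, and it uses only the standard library, whereas a Qt code base could use `QString::toHtmlEscaped()` for the escaping step.

```cpp
#include <string>
#include <vector>

// Escape HTML metacharacters so user text renders as literal text.
std::string htmlEscape(const std::string& in) {
    std::string out;
    for (char c : in) {
        switch (c) {
            case '&': out += "&amp;"; break;
            case '<': out += "&lt;"; break;
            case '>': out += "&gt;"; break;
            case '"': out += "&quot;"; break;
            default:  out += c;
        }
    }
    return out;
}

// Escape everything, then re-enable only attribute-less <b>/<i> pairs.
// A closer is honoured only if it matches the innermost open tag; anything
// left open is closed at the end so formatting cannot leak past the message.
std::string sanitizeChatText(const std::string& userText) {
    const std::string esc = htmlEscape(userText);
    const std::vector<std::string> allowed = {"b", "i"};  // assumed allowlist
    std::vector<std::string> open;                        // stack of open tags
    std::string out;
    size_t pos = 0;
    while (pos < esc.size()) {
        bool matched = false;
        for (const std::string& tag : allowed) {
            const std::string opener = "&lt;" + tag + "&gt;";
            const std::string closer = "&lt;/" + tag + "&gt;";
            if (esc.compare(pos, opener.size(), opener) == 0) {
                out += "<" + tag + ">";
                open.push_back(tag);
                pos += opener.size();
                matched = true;
            } else if (!open.empty() && open.back() == tag &&
                       esc.compare(pos, closer.size(), closer) == 0) {
                out += "</" + tag + ">";
                open.pop_back();
                pos += closer.size();
                matched = true;
            }
            if (matched) break;
        }
        if (!matched) out += esc[pos++];  // everything else stays escaped
    }
    for (; !open.empty(); open.pop_back()) out += "</" + open.back() + ">";
    return out;
}
```

Because the allowlist is applied after escaping and matches exact attribute-less tokens only, block-level elements and `style` attributes never reach the client as markup.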
