xat is a social networking site where you can, among other things, create your own chat. You can reach your chat by following a direct URL in the form
http://xat.com/<your chat page name>
In my case, the owner wanted to redirect the chat page to a new website that he recently migrated to.
How to redirect your xat chat page to your website
One way of putting a redirect on an HTML page is the usual meta refresh method. However, I found out that the filter currently replaces http-equiv="refresh" with http-equiv="fresh", which obviously breaks the redirect. The filter just replaces "re" with an empty string, though, which can be trivially bypassed. You just have to use http-equiv="rerefresh", which the filter then turns into http-equiv="refresh".
So the final result becomes
<meta http-equiv="rerefresh" content="0; url=http://google.com">
where of course http://google.com stands for the website you want to redirect to. Note also that you have to put this between the head tags. The entire HTML code would then look something like this:
<html>
  <head>
    <meta http-equiv="rerefresh" content="0; url=http://website.com/redirect/xat_redirect.php">
  </head>
  <b0dy></b0dy>
</html>
Replacements like these are in general a bad way of securing a website and should be avoided. As shown above, the filter the xat developers are currently applying is useless and is trivially bypassed. I also found other, more advanced ways to accomplish this, but this should in essence do the trick (works on Internet Explorer, Firefox and Chrome). Note that in the future the xat developers might decide to change the filter so that this small trick no longer works. You should also check the xat rules before applying any of this.
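Why a one-pass string replacement fails as a filter, shown next to a parser-based allowlist that drops the meta element whatever its attribute values say. This is an added example, not xat's code or the author's: naive_filter is an assumed model that reproduces only the two behaviours described above, and the allowlist, the function names and the example.com inputs are constructed for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

def naive_filter(markup):
    """Assumed model of the filter: delete one leading "re" from http-equiv values."""
    return re.sub(r'(http-equiv=")re', r'\1', markup, flags=re.I)

class AllowlistSanitizer(HTMLParser):
    """Re-emit only allowlisted tags and attributes; everything else is dropped."""
    ALLOWED = {"b": set(), "i": set(), "p": set(), "a": {"href"}}  # hypothetical policy

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.ALLOWED:
            return  # meta, script, iframe ... never reach the output
        kept = [(k, v) for k, v in attrs
                if k in self.ALLOWED[tag] and v and v.startswith(("http://", "https://"))]
        self.out.append("<%s%s>" % (tag, "".join(' %s="%s"' % (k, escape(v)) for k, v in kept)))

    def handle_endtag(self, tag):
        if tag in self.ALLOWED:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(escape(data))  # text is always re-encoded, never passed through raw

def sanitize(markup):
    parser = AllowlistSanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)

def has_meta_refresh(markup):
    return re.search(r'<meta[^>]*http-equiv="refresh"', markup, re.I) is not None

# Constructed sample inputs (example.com is a placeholder).
PLAIN = '<meta http-equiv="refresh" content="0; url=http://example.com">'
DOUBLED = '<meta http-equiv="rerefresh" content="0; url=http://example.com">'

if __name__ == "__main__":
    for label, value in (("plain", PLAIN), ("doubled", DOUBLED)):
        print(label, "| naive:", has_meta_refresh(naive_filter(value)),
              "| allowlist:", has_meta_refresh(sanitize(value)))
```

The denylist rewrites its input into the very string it was meant to block, while the allowlist never has to recognise "refresh" at all because it only emits what the policy names.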