🔒️ Fix a XSS in the webcam snapshot test
foosel committed Mar 12, 2024
1 parent e8337f7 commit 779894c
Showing 1 changed file with 14 additions and 17 deletions.
@@ -193,28 +193,25 @@ $(function () {
return;
}

var content = response.response.content;
var contentType = response.response.assumed_content_type;
const content = response.response.content;
const contentType = response.response.assumed_content_type;

var mimeType = "image/jpeg";
if (contentType) {
mimeType = contentType.split(";")[0];
}

var text = gettext(
const text = gettext(
"If you see your webcam snapshot picture below, the entered snapshot URL is ok."
);
const mimeType = contentType
? contentType.split(";")[0]
: "image/jpeg";

const textElement = $("<p></p>").text(text);
const imgElement = $("<img>")
.attr("src", "data:" + mimeType + ";base64," + content)
.css("border", "1px solid black");
const message = $("<p></p>").append(textElement).append(imgElement);

showMessageDialog({
title: gettext("Snapshot test"),
message: $(
"<p>" +
text +
'</p><p><img src="data:' +
mimeType +
";base64," +
content +
'" style="border: 1px solid black" /></p>'
),
message: message,
onclose: function () {
self.testWebcamSnapshotUrlBusy(false);
}
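Review bot: `mimeType` is still taken verbatim from `response.response.assumed_content_type` before it is concatenated into the `data:` URI that becomes the `<img>` src. Building the nodes with `.text()` and `.attr()` closes the markup injection, and an `<img>` does not run script, but nothing pins the value to an image type, so the dialog stays safe only as long as the element remains an `<img>`. I would constrain it where it is computed: `const candidate = (contentType || "").split(";")[0].trim();` followed by `const mimeType = /^image\/[a-z0-9.+-]+$/i.test(candidate) ? candidate : "image/jpeg";`. A short comment above `textElement`, such as `// build the DOM with .text()/.attr(); never concatenate response data into HTML`, would also keep a later refactor from reintroducing the string-built markup. The enclosing callback starts and ends outside the hunk, so whether `content` is checked to be base64 before this point cannot be seen from here.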