[mirotalk] - #139 prevent XSS through DC
miroslavpejic85 committed Feb 18, 2023
1 parent 65ef008 commit f535b35
Showing 2 changed files with 16 additions and 9 deletions.
23 changes: 14 additions & 9 deletions public/js/client.js
Expand Up @@ -4662,10 +4662,13 @@ function sendChatMessage() {

/**
* handle Incoming Data Channel Chat Messages
* @param {object} dataMessage chat messages
* @param {object} data chat messages
*/
function handleDataChannelChat(dataMessage) {
if (!dataMessage) return;
function handleDataChannelChat(data) {
if (!data) return;

// prevent XSS injection from remote peer through Data Channel
const dataMessage = JSON.parse(filterXSS(JSON.stringify(data)));

let msgFrom = dataMessage.from;
let msgTo = dataMessage.to;
Expand Down Expand Up @@ -4980,12 +4983,14 @@ function addMsgerPrivateBtn(msgerPrivateBtn, msgerPrivateMsgInput, peerId) {
};

function sendPrivateMessage() {
let pMsg = checkMsg(msgerPrivateMsgInput.value.trim());
if (!pMsg) {
msgerPrivateMsgInput.value = '';
isChatPasteTxt = false;
return;
}
let pMsg = msgerPrivateMsgInput.value.trim();

// let pMsg = checkMsg(msgerPrivateMsgInput.value.trim());
// if (!pMsg) {
// msgerPrivateMsgInput.value = '';
// isChatPasteTxt = false;
// return;
// }
let toPeerName = msgerPrivateBtn.value;
emitMsg(myPeerName, toPeerName, pMsg, true, peerId);
appendMessage(myPeerName, rightChatAvatar, 'right', pMsg + '<hr>Private message to ' + toPeerName, true);
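Review bot: The new `JSON.parse(filterXSS(JSON.stringify(data)))` line in handleDataChannelChat filters the serialized JSON rather than the individual string fields, and the parse is not guarded. filterXSS is an HTML filter, so when it rewrites markup inside a string value (for example by re-quoting the attributes of a tag it allows), the result may no longer be valid JSON, and the SyntaxError would escape the handler on input a remote peer controls. Tags on the filter's default allow-list also pass through, so whether the result is safe still depends on how the fields are rendered later, which is outside this hunk. I would sanitize each string value on its own so the filter never sees JSON syntax, as sketched below; the body of handleDataChannelChat continues past the end of the hunk.

```javascript
// Sanitize string values one at a time so the HTML filter never sees JSON syntax.
function sanitizeDataMessage(value) {
    if (typeof value === 'string') return filterXSS(value);
    if (Array.isArray(value)) return value.map(sanitizeDataMessage);
    if (value !== null && typeof value === 'object') {
        return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, sanitizeDataMessage(v)]));
    }
    return value;
}

function handleDataChannelChat(data) {
    if (!data) return;

    // every field received from the remote peer is untrusted
    const dataMessage = sanitizeDataMessage(data);
    // … unchanged: msgFrom / msgTo handling …
```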
2 changes: 2 additions & 0 deletions public/views/client.html
Expand Up @@ -476,6 +476,7 @@ <h1>Loading</h1>
- JS scripts https://cdn.jsdelivr.net
- https://webrtc.github.io/adapter/adapter-latest.js (https://github.com/webrtcHacks/adapter)
- https://github.com/leizongmin/js-xss (https://www.npmjs.com/package/xss)
- https://www.npmjs.com/package/marked (https://github.com/markedjs/marked)
- https://www.npmjs.com/package/detectrtc (https://github.com/muaz-khan/DetectRTC)
- https://www.npmjs.com/package/sweetalert2 (https://github.com/sweetalert2/sweetalert2)
Expand All @@ -485,6 +486,7 @@ <h1>Loading</h1>
- https://www.npmjs.com/package/tippy.js (https://github.com/atomiks/tippyjs)
-->
<script defer src="https://webrtc.github.io/adapter/adapter-latest.js"></script>
<script defer src="https://rawgit.com/leizongmin/js-xss/master/dist/xss.js"></script>
<script defer src="https://cdn.jsdelivr.net/npm/marked/marked.min.js"></script>
<script defer src="https://cdn.jsdelivr.net/npm/detectrtc@1.4.1/DetectRTC.min.js"></script>
<script defer src="https://cdn.jsdelivr.net/npm/sweetalert2@11.7.1"></script>
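Review bot: The added `<script>` tag for js-xss loads the XSS filter from `rawgit.com` at the moving `master` ref with no `integrity` attribute, so the code behind the new filterXSS call in client.js can change or disappear without any change in this repository. RawGit was retired by its maintainer, and the neighbouring tags already use cdn.jsdelivr.net, some with a pinned version. I would load a pinned release with Subresource Integrity, e.g. `<script defer src="https://cdn.jsdelivr.net/npm/xss@<PINNED_VERSION>/dist/xss.min.js" integrity="sha384-<HASH_OF_THAT_FILE>" crossorigin="anonymous"></script>`, or vendor the file alongside the other assets. If the script fails to load, filterXSS would presumably be undefined and incoming chat messages would throw instead of rendering.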
