-
-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sanitize peer client names #20788
Sanitize peer client names #20788
Conversation
If the problem is displaying of such a data then it should be sanitized at the layer where this (displaying) is done. |
Are you sure? There is no way to reliably do that in JS for WebUI. For regualr GUI it probably will require extra overhead with string copies. Consider that the value is never used in code, only for displaying in UI, so keeping original value is pointless. We already do sanitization in-place e.g. for peer id. Libtorrent also does similar things on its side. |
I disagree with you in general. But considering that in this particular case, this field is unlikely to be intended for anything other than a visual representation of the client name, I agree to leave it as it is. (If we really need something more unique, then we should use the raw peer ID.) |
Can you confirm that it actually fixes #20010? |
https://www.libtorrent.org/reference-Core.html#peer_info states:
IMO libtorrent do try to make it human readable and if that is the case then shouldn't this PR applied at libtorrent side? |
Exactly. It's an arbitrary string sent by a remote client. We should never ever rely or make assumptions about it.
Yes, I tested it artifically. It sanitizes
Can't say. Some other clients using libtorrent may want to see the original string. Who knows. |
The GUI side has escaping for HTML entities. If sanitizing are to be done at |
It will be kinda inconsistient with the rest of the code. https://github.com/search?q=repo%3Aqbittorrent%2FqBittorrent%20toHtmlEscaped&type=code We probably should do it for all fields then in a separate PR? |
We are only talking about the
I would prefer changes to |
8648429
to
01a1f78
Compare
Ok. Changes:
|
01a1f78
to
e6c2178
Compare
But this certainly shouldn't be in the base layer. The reasoning that it is not (yet) used without |
I tend to agree with that. |
e6c2178
to
ecc9cd1
Compare
ecc9cd1
to
c24ea70
Compare
@HanabishiRecca |
Clients can send arbitrary UTF-8 strings as their client identificators. qBittorrent displays that strings as is, which could lead to unexpected results and affect GUI layout in case of junk or intentionally malicious strings.
This PR introduces basic sanitization for client strings.
Fixes #20010