[mirotalksfu] - fix decodeURIComponent

app/src/Server.js

@@ -58,7 +58,7 @@ dev dependencies: {
  * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
  * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
  * @author  Miroslav Pejic - miroslav.pejic.85@gmail.com
- * @version 1.7.73
+ * @version 1.7.74
  *
  */
 

app/src/XSS.js

@@ -71,11 +71,19 @@ function needsDecoding(str) {
     return urlEncodedPattern.test(str);
 }
 
-// Recursively sanitize data based on its type
+function safeDecodeURIComponent(str) {
+    try {
+        return decodeURIComponent(str);
+    } catch (e) {
+        log.error('Malformed URI component detected:', str);
+        return str; // Return original string if decoding fails
+    }
+}
+
 function sanitizeData(data) {
     if (typeof data === 'string') {
         // Decode HTML entities and URL encoded content
-        const decodedData = needsDecoding(data) ? he.decode(decodeURIComponent(data)) : he.decode(data);
+        const decodedData = needsDecoding(data) ? he.decode(safeDecodeURIComponent(data)) : he.decode(data);
         return purify.sanitize(decodedData);
     }