[mirotlaksfu] - fix check XSS on array obj
هذا الالتزام موجود في:
Miroslav Pejic
@@ -6,7 +6,26 @@ const log = new Logger('Xss');
|
||||
|
||||
const checkXSS = (dataObject) => {
|
||||
try {
|
||||
if (typeof dataObject === 'object' && Object.keys(dataObject).length > 0) {
|
||||
if (Array.isArray(dataObject)) {
|
||||
if (Object.keys(dataObject).length > 0 && typeof dataObject[0] === 'object') {
|
||||
dataObject.forEach((obj) => {
|
||||
for (const key in obj) {
|
||||
if (obj.hasOwnProperty(key)) {
|
||||
let objectJson = objectToJSONString(obj[key]);
|
||||
if (objectJson) {
|
||||
let jsonString = xss(objectJson);
|
||||
let jsonObject = JSONStringToObject(jsonString);
|
||||
if (jsonObject) {
|
||||
obj[key] = jsonObject;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
});
|
||||
log.debug('XSS Array of Object sanitization done');
|
||||
return dataObject;
|
||||
}
|
||||
} else if (typeof dataObject === 'object') {
|
||||
let objectJson = objectToJSONString(dataObject);
|
||||
if (objectJson) {
|
||||
let jsonString = xss(objectJson);
|
||||
@@ -16,8 +35,7 @@ const checkXSS = (dataObject) => {
|
||||
return jsonObject;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (typeof dataObject === 'string' || dataObject instanceof String) {
|
||||
} else if (typeof dataObject === 'string' || dataObject instanceof String) {
|
||||
log.debug('XSS String sanitization done');
|
||||
return xss(dataObject);
|
||||
}
|
||||
|
||||
@@ -173,7 +173,7 @@ class RoomClient {
|
||||
this.recScreenStream = null;
|
||||
this._isRecording = false;
|
||||
|
||||
this.RoomPassword = null;
|
||||
this.RoomPassword = false;
|
||||
|
||||
// File transfer settings
|
||||
this.fileToSend = null;
|
||||
|
||||
المرجع في مشكلة جديدة
حظر مستخدم