jfinn
/
jitsi_app_c0
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

fix(chat) prevent homograph attacks 

Decode URLs using punycode when rendering, so when http://ebаy.com is sent
we render http://xn--eby-7cd.com/ instead.

Ref: https://github.com/tasti/react-linkify/issues/84
master
Saúl Ibarra Corretgé 5 years ago
parent
0f9e01a7cf
commit
11ae187ece
4 changed files with 10 additions and 2 deletions
Unified View Show Diff Stats
  1. 5
    0
      package-lock.json
  2. 1
    0
      package.json
  3. 2
    1
      react/features/base/react/components/native/Linkify.js
  4. 2
    1
      react/features/base/react/components/web/Linkify.js

+ 5
- 0
package-lock.json View File

13141 
         }
 13141 
         }
13142 
       }
 13142 
       }
13143 
     },
 13143 
     },
13144 
+    "punycode": {
13145 
+      "version": "2.1.1",
13146 
+      "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz",
13147 
+      "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A=="
13148 
+    },
13144 
     "q": {
 13149 
     "q": {
13145 
       "version": "1.5.1",
 13150 
       "version": "1.5.1",
13146 
       "resolved": "https://registry.npmjs.org/q/-/q-1.5.1.tgz",
 13151 
       "resolved": "https://registry.npmjs.org/q/-/q-1.5.1.tgz",

+ 1
- 0
package.json View File

63 
     "moment-duration-format": "2.2.2",
 63 
     "moment-duration-format": "2.2.2",
64 
     "olm": "https://packages.matrix.org/npm/olm/olm-3.1.4.tgz",
 64 
     "olm": "https://packages.matrix.org/npm/olm/olm-3.1.4.tgz",
65 
     "pixelmatch": "5.1.0",
 65 
     "pixelmatch": "5.1.0",
66 
+    "punycode": "2.1.1",
66 
     "react": "16.9",
 67 
     "react": "16.9",
67 
     "react-dom": "16.9",
 68 
     "react-dom": "16.9",
68 
     "react-emoji-render": "1.2.4",
 69 
     "react-emoji-render": "1.2.4",

+ 2
- 1
react/features/base/react/components/native/Linkify.js View File

1 
 // @flow
 1 
 // @flow
2
2
3 
+import punycode from 'punycode';
3 
 import React, { Component } from 'react';
 4 
 import React, { Component } from 'react';
4 
 import ReactLinkify from 'react-linkify';
 5 
 import ReactLinkify from 'react-linkify';
5 
 import { Text } from 'react-native';
 6 
 import { Text } from 'react-native';
68 
                 key = { key }
 69 
                 key = { key }
69 
                 style = { this.props.linkStyle }
 70 
                 style = { this.props.linkStyle }
70 
                 url = { decoratedHref }>
 71 
                 url = { decoratedHref }>
71 
-                {decoratedText}
72 
+                { punycode.toASCII(decoratedText) }
72 
             </Link>
 73 
             </Link>
73 
         );
 74 
         );
74 
     }
 75 
     }

+ 2
- 1
react/features/base/react/components/web/Linkify.js View File

1 
 // @flow
 1 
 // @flow
2
2
3 
+import punycode from 'punycode';
3 
 import React, { Component } from 'react';
 4 
 import React, { Component } from 'react';
4 
 import ReactLinkify from 'react-linkify';
 5 
 import ReactLinkify from 'react-linkify';
5
6
44 
                 key = { key }
 45 
                 key = { key }
45 
                 rel = 'noopener noreferrer'
 46 
                 rel = 'noopener noreferrer'
46 
                 target = '_blank'>
 47 
                 target = '_blank'>
47 
-                {decoratedText}
48 
+                { punycode.toASCII(decoratedText) }
48 
             </a>
 49 
             </a>
49 
         );
 50 
         );
50 
     }
 51 
     }

Write Preview
Loading…
Cancel
Save