
Merge pull request #205 from Zalmoxisus/master

Prevent XSS injection using 'nick' tag on presence
j8
bgrozev 10 anni fa
parent
commit
996b1791d5
4 ha cambiato i file con 7 aggiunte e 7 eliminazioni
  1. 1
    1
      app.js
  2. 1
    1
      contact_list.js
  3. 1
    1
      muc.js
  4. 4
    4
      videolayout.js

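--- a/app.js
+++ b/app.js
@@ -752,7 +752,7 @@ $(document).bind('entered.muc', function (event, jid, info, pres) {
 $(document).bind('left.muc', function (event, jid) {
     console.log('left.muc', jid);
     var displayName = $('#participant_' + Strophe.getResourceFromJid(jid) +
-        '>.displayname').text();
+        '>.displayname').html();
     messageHandler.notify(displayName || 'Somebody',
         'disconnected',
         'disconnected');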
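Review bot: Reading the name with `.html()` on the `.displayname` span hands `messageHandler.notify` the markup of that element rather than its text, so the result is only safe and correctly displayed if `notify` inserts its first argument as HTML, which is not visible in this hunk. If `notify` treats the value as text, users will see entities such as `&amp;`; if it treats it as HTML, the value is whatever markup the span holds at that moment. A comment such as `// displayName is the span's inner HTML (entity-escaped); notify() must render it as HTML` would record the contract, and the same kind of read appears in the last videolayout.js hunk. The handler body continues outside the hunk.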

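--- a/contact_list.js
+++ b/contact_list.js
@@ -170,7 +170,7 @@ var ContactList = (function (my) {
         var contactName = $('#contactlist #' + resourceJid + '>p');
 
         if (contactName && displayName && displayName.length > 0)
-            contactName.text(displayName);
+            contactName.html(displayName);
     });
 
     my.setClickable = function(resourceJid, isClickable) {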
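Review bot: `contactName.html(displayName)` parses its argument as markup, so this line is safe only while every caller passes a string that is already entity-escaped, and nothing in the hunk checks or documents that. The two `.html(displayName…)` writes in videolayout.js rely on the same assumption. Keeping the name as plain text end to end and writing it with `contactName.text(displayName);` removes that dependency; if another sink needs HTML, the escape belongs at that sink. The enclosing handler starts outside the hunk, so where `displayName` comes from is inferred from the commit title rather than seen here.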

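--- a/muc.js
+++ b/muc.js
@@ -132,7 +132,7 @@ Strophe.addConnectionPlugin('emuc', {
         }
 
         var nicktag = $(pres).find('>nick[xmlns="http://jabber.org/protocol/nick"]');
-        member.displayName = (nicktag.length > 0 ? nicktag.text() : null);
+        member.displayName = (nicktag.length > 0 ? nicktag.html() : null);
 
         if (from == this.myroomjid) {
             if (member.affiliation == 'owner') this.isOwner = true;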
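Review bot: `nicktag.html()` is called on an element of the received presence stanza, and jQuery documents `.html()` as not available on XML documents, so the escaping this line depends on comes from the browser's serializer rather than from a defined API. It also returns the element's whole inner markup, which means `member.displayName` is entity-escaped only when the nick element holds nothing but text; anything else a peer places inside it is passed through unchanged towards sinks that now use `.html()`. Taking the text and escaping explicitly keeps the trust boundary in one place: `member.displayName = (nicktag.length > 0 ? nicktag.text() : null);`, with an escape helper applied wherever the name is inserted as HTML. The plugin method continues outside the hunk.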

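--- a/videolayout.js
+++ b/videolayout.js
@@ -751,12 +751,12 @@ var VideoLayout = (function (my) {
             if (nameSpanElement.id === 'localDisplayName' &&
                 $('#localDisplayName').text() !== displayName) {
                 if (displayName && displayName.length > 0)
-                    $('#localDisplayName').text(displayName + ' (me)');
+                    $('#localDisplayName').html(displayName + ' (me)');
                 else
                     $('#localDisplayName').text(defaultLocalDisplayName);
             } else {
                 if (displayName && displayName.length > 0)
-                    $('#' + videoSpanId + '_name').text(displayName);
+                    $('#' + videoSpanId + '_name').html(displayName);
                 else
                     $('#' + videoSpanId + '_name').text(interfaceConfig.DEFAULT_REMOTE_DISPLAY_NAME);
             }
@@ -825,7 +825,7 @@ var VideoLayout = (function (my) {
     }
 
     my.inputDisplayNameHandler = function (name) {
-        if (nickname !== name) {
+        if (name && nickname !== name) {
             nickname = name;
             window.localStorage.displayname = nickname;
             connection.emuc.addDisplayNameToPresence(nickname);
@@ -1097,7 +1097,7 @@ var VideoLayout = (function (my) {
         var displayName = resourceJid;
         var nameSpan = $('#' + videoContainerId + '>span.displayname');
         if (nameSpan.length > 0)
-            displayName = nameSpan.html();
+            displayName = nameSpan.html();
 
         console.log("UI enable dominant speaker",
             displayName,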
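Review bot: In the first hunk `$('#localDisplayName').html(displayName + ' (me)')` renders the local name as markup, and none of the hunks show that this value has been escaped. `inputDisplayNameHandler` in the second hunk stores the typed `name` in `localStorage` and sends it to presence unchanged, so the local path presumably carries raw input that never passed through the stanza serializer. Writing it with `$('#localDisplayName').text(displayName + ' (me)');` is safe whatever the origin of the string. The added `name &&` guard only rejects empty values, and all three hunks cut through functions whose start and end are outside the view.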
