
Merge pull request #205 from Zalmoxisus/master

Prevent XSS injection using 'nick' tag on presence
j8
bgrozev 10 年前
父节点
当前提交
996b1791d5
共有 4 个文件被更改,包括 7 次插入7 次删除
  1. 1
    1
      app.js
  2. 1
    1
      contact_list.js
  3. 1
    1
      muc.js
  4. 4
    4
      videolayout.js

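--- a/app.js
+++ b/app.js
@@ -752,7 +752,7 @@
 $(document).bind('left.muc', function (event, jid) {
     console.log('left.muc', jid);
     var displayName = $('#participant_' + Strophe.getResourceFromJid(jid) +
-        '>.displayname').text();
+        '>.displayname').html();
     messageHandler.notify(displayName || 'Somebody',
         'disconnected',
         'disconnected');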
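Review bot: The `.html()` read on line 755 hands `messageHandler.notify` an HTML-encoded name, but whether `notify` renders its first argument as markup or as text is not visible here: if it sets text, a name containing `&` or `<` will be shown as `&amp;`/`&lt;`, and if it renders markup the safety of the notification now silently depends on the `.displayname` span having been filled through an escaping path. A less fragile shape is to read the decoded name, `'>.displayname').text();`, and have `notify` escape when it builds HTML. Separately, the resource part of the JID is spliced unescaped into the selector on line 754; a peer-chosen resource containing selector metacharacters would presumably make `$()` throw rather than yield an empty set, so a guard around the lookup seems worthwhile. The `left.muc` handler's closing `});` lies outside the hunk.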

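--- a/contact_list.js
+++ b/contact_list.js
@@ -170,7 +170,7 @@
         var contactName = $('#contactlist #' + resourceJid + '>p');
 
         if (contactName && displayName && displayName.length > 0)
-            contactName.text(displayName);
+            contactName.html(displayName);
     });
 
     my.setClickable = function(resourceJid, isClickable) {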
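Review bot: `contactName.html(displayName)` on line 173 is only safe if every caller passes an already-escaped name; the escaping now happens implicitly in muc.js through `.html()`, and a caller that passes the raw local nickname (videolayout.js stores it unescaped in `nickname` and localStorage) would have it interpreted as markup here. I would keep `contactName.text(displayName);` and render the decoded name, escaping only at the places where HTML is actually built from strings. Also, `contactName` on line 172 is a jQuery object and therefore always truthy, so the check that actually guards the no-match case is `contactName.length > 0`. The enclosing handler starts outside the hunk.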

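--- a/muc.js
+++ b/muc.js
@@ -132,7 +132,7 @@
         }
 
         var nicktag = $(pres).find('>nick[xmlns="http://jabber.org/protocol/nick"]');
-        member.displayName = (nicktag.length > 0 ? nicktag.text() : null);
+        member.displayName = (nicktag.length > 0 ? nicktag.html() : null);
 
         if (from == this.myroomjid) {
             if (member.affiliation == 'owner') this.isOwner = true;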
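Review bot: `nicktag.html()` on line 135 only yields an escaped string for the text content of `<nick>`; the presence stanza is peer-controlled and nothing here rejects element children, and jQuery's `.html()` getter presumably returns the serialised children of the parsed XML element, so a `<nick>` carrying child elements would come back as live markup that the `.html(displayName)` sinks this commit introduces in contact_list.js and videolayout.js would insert into the page. Relying on the read-side serialisation also makes every holder of `member.displayName` implicitly responsible for remembering that the string is already HTML-encoded, which the comparisons and `.text()` writes still present in videolayout.js do not. I would keep the decoded value, `member.displayName = (nicktag.length > 0 ? nicktag.text() : null);`, and escape explicitly at each HTML sink with a small shared helper such as `function escapeHtml(s) { return $('<div>').text(s).html(); }`, or prefer `.text()` sinks where no markup is needed. The enclosing function starts and ends outside the hunk.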

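--- a/videolayout.js
+++ b/videolayout.js
@@ -751,12 +751,12 @@
             if (nameSpanElement.id === 'localDisplayName' &&
                 $('#localDisplayName').text() !== displayName) {
                 if (displayName && displayName.length > 0)
-                    $('#localDisplayName').text(displayName + ' (me)');
+                    $('#localDisplayName').html(displayName + ' (me)');
                 else
                     $('#localDisplayName').text(defaultLocalDisplayName);
             } else {
                 if (displayName && displayName.length > 0)
-                    $('#' + videoSpanId + '_name').text(displayName);
+                    $('#' + videoSpanId + '_name').html(displayName);
                 else
                     $('#' + videoSpanId + '_name').text(interfaceConfig.DEFAULT_REMOTE_DISPLAY_NAME);
             }
@@ -825,7 +825,7 @@
     }
 
     my.inputDisplayNameHandler = function (name) {
-        if (nickname !== name) {
+        if (name && nickname !== name) {
             nickname = name;
             window.localStorage.displayname = nickname;
             connection.emuc.addDisplayNameToPresence(nickname);
@@ -1097,7 +1097,7 @@
         var displayName = resourceJid;
         var nameSpan = $('#' + videoContainerId + '>span.displayname');
         if (nameSpan.length > 0)
-            displayName = nameSpan.html();
+            displayName = nameSpan.html();
 
         console.log("UI enable dominant speaker",
             displayName,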
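Review bot: In the first hunk, `$('#localDisplayName').html(displayName + ' (me)')` on line 754 renders whatever the caller passes for the local participant as markup, and the second hunk shows that the local name is stored unescaped in `nickname` and `localStorage.displayname` straight from user input, so a local name containing `<` or `&` is interpreted as HTML here (a self-injection and a mis-rendered name) while the `.text()` comparison on line 752 can never match such a name and will re-render it on every call. If the code is settling on "`displayName` is always HTML-encoded", the local path needs the same encoding before it reaches this sink; otherwise keep `$('#localDisplayName').text(displayName + ' (me)');` and `.text(displayName)` on line 759. The new `name &&` guard in the second hunk also stops an empty string from clearing the stored nickname, which reads as an unrelated behaviour change worth a line in the commit message. The enclosing functions of all three hunks start and end outside them.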
