
Skips some url parameters that can inject scripts.

j8
damencho 9 years ago
parent
commit
d65479abc9
1 changed files with 6 additions and 0 deletions
  1. 6
    0
      modules/config/URLProcessor.js

+ 6
- 0
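--- a/modules/config/URLProcessor.js
+++ b/modules/config/URLProcessor.js
@@ -36,6 +36,12 @@ var URLProcessor = {
             if (key.indexOf("config.") === 0) {
                 confObj = configJSON.config;
                 confKey = key.substr("config.".length);
+
+                // prevent passing some parameters which can inject scripts
+                if (confKey === 'analyticsScriptUrl'
+                    || confKey === 'callStatsCustomScriptUrl')
+                    continue;
+
             } else if (key.indexOf("interfaceConfig.") === 0) {
                 confObj = configJSON.interfaceConfig;
                 confKey = key.substr("interfaceConfig.".length);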
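Review bot: The check added in the `config.` branch is a two-entry denylist, so every other `config.*` key, and everything handled by the `interfaceConfig.` branch below it, can still be overridden from the URL; any option added later that names a script or other loadable resource stays exposed until someone remembers to extend this `if`. An allowlist of keys that are safe to take from the URL would fail closed instead. If that is too large a change for this commit, move the names into one named list and test membership, e.g. `if (URL_BLOCKED_CONFIG_KEYS.indexOf(confKey) !== -1) continue;`, and log the skipped key so that attempts are visible in the console. The enclosing loop and the code that applies `confKey` lie outside the hunk, so whether a nested or dotted key can still reach the same setting cannot be confirmed from here.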
