
fix: Escapes some keys when parsing input.

factor2
damencho 4 年前
父节点
当前提交
06ce24527e

+ 10
- 3
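--- a/package-lock.json
+++ b/package-lock.json
@@ -2595,9 +2595,9 @@
       "integrity": "sha512-QD1PhQk+s31P1ixsX0H0Suoupp3VMXzIVMSwobR3F3MSUO2YCV0B7xqLcUw/Bh8yuvd3LhpyqLQWTNcRmp6IdQ=="
     },
     "@hapi/bourne": {
-      "version": "1.3.2",
-      "resolved": "https://registry.npmjs.org/@hapi/bourne/-/bourne-1.3.2.tgz",
-      "integrity": "sha512-1dVNHT76Uu5N3eJNTYcvxee+jzX4Z9lfciqRRHCU27ihbUcYi+iSc2iml5Ke1LXe1SyJCLA0+14Jh4tXJgOppA=="
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/@hapi/bourne/-/bourne-2.0.0.tgz",
+      "integrity": "sha512-WEezM1FWztfbzqIUbsDzFRVMxSoLy3HugVcux6KDDtTqzPsLE8NDRHfXvev66aH1i2oOKKar3/XDjbvh/OUBdg=="
     },
     "@hapi/hoek": {
       "version": "8.5.1",
@@ -2613,6 +2613,13 @@
         "@hapi/bourne": "1.x.x",
         "@hapi/hoek": "8.x.x",
         "@hapi/topo": "3.x.x"
+      },
+      "dependencies": {
+        "@hapi/bourne": {
+          "version": "1.3.2",
+          "resolved": "https://registry.npmjs.org/@hapi/bourne/-/bourne-1.3.2.tgz",
+          "integrity": "sha512-1dVNHT76Uu5N3eJNTYcvxee+jzX4Z9lfciqRRHCU27ihbUcYi+iSc2iml5Ke1LXe1SyJCLA0+14Jh4tXJgOppA=="
+        }
       }
     },
     "@hapi/topo": {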

+ 1
- 0
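--- a/package.json
+++ b/package.json
@@ -32,6 +32,7 @@
     "@atlaskit/theme": "11.0.2",
     "@atlaskit/toggle": "12.0.3",
     "@atlaskit/tooltip": "17.1.2",
+    "@hapi/bourne": "2.0.0",
     "@jitsi/js-utils": "1.0.6",
     "@material-ui/core": "4.11.3",
     "@microsoft/microsoft-graph-client": "1.1.0",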

+ 2
- 1
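--- a/react/features/base/config/functions.any.js
+++ b/react/features/base/config/functions.any.js
@@ -1,5 +1,6 @@
 // @flow
 
+import Bourne from '@hapi/bourne';
 import { jitsiLocalStorage } from '@jitsi/js-utils';
 import _ from 'lodash';
 
@@ -141,7 +142,7 @@
 
     if (config) {
         try {
-            return JSON.parse(config) || undefined;
+            return Bourne.parse(config) || undefined;
         } catch (e) {
             // Somehow incorrect data ended up in the storage. Clean it up.
             jitsiLocalStorage.removeItem(key);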

+ 2
- 1
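--- a/react/features/base/jitsi-local-storage/setup.web.js
+++ b/react/features/base/jitsi-local-storage/setup.web.js
@@ -1,6 +1,7 @@
 // @flow
 
+import Bourne from '@hapi/bourne';
 import { jitsiLocalStorage } from '@jitsi/js-utils/jitsi-local-storage';
 
 import { browser } from '../lib-jitsi-meet';
@@ -57,7 +58,7 @@
 
     if (shouldUseHostPageLocalStorage(urlParams)) {
         try {
-            const localStorageContent = JSON.parse(urlParams['appData.localStorageContent']);
+            const localStorageContent = Bourne.parse(urlParams['appData.localStorageContent']);
 
             if (typeof localStorageContent === 'object') {
                 Object.keys(localStorageContent).forEach(key => {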
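Review bot: The `typeof localStorageContent === 'object'` check on new line 62 still admits `null`, so a literal `null` in `appData.localStorageContent` makes the `Object.keys` call on line 63 throw and the surrounding `try` (its catch is outside the hunk) swallows it; `if (localStorageContent && typeof localStorageContent === 'object') {` rules that out explicitly. The same `typeof` guard follows the new `Bourne.parse` call in react/features/base/lib-jitsi-meet/functions.native.js (new line 25), where a parsed `null` passes the check and reaches the callers. Bourne.parse by default throws on a `__proto__` key rather than dropping it, so such input now takes the catch path instead of being written to storage; that looks intended, but a one-line comment on line 61 such as `// Bourne rejects __proto__ keys; bad input lands in the catch below.` would make it explicit. The enclosing function starts before and ends after this hunk.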

+ 2
- 1
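--- a/react/features/base/lib-jitsi-meet/functions.native.js
+++ b/react/features/base/lib-jitsi-meet/functions.native.js
@@ -1,6 +1,7 @@
 // @flow
 
+import Bourne from '@hapi/bourne';
 import { NativeModules } from 'react-native';
 
 import { loadScript } from '../util';
@@ -20,7 +21,7 @@
     try {
         const configTxt = await loadScript(url, 10 * 1000 /* Timeout in ms */, true /* skipeval */);
         const configJson = await JavaScriptSandbox.evaluate(`${configTxt}\nJSON.stringify(config);`);
-        const config = JSON.parse(configJson);
+        const config = Bourne.parse(configJson);
 
         if (typeof config !== 'object') {
             throw new Error('config is not an object');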

+ 3
- 2
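--- a/react/features/base/redux/PersistenceRegistry.js
+++ b/react/features/base/redux/PersistenceRegistry.js
@@ -1,5 +1,6 @@
 // @flow
 
+import Bourne from '@hapi/bourne';
 import { jitsiLocalStorage } from '@jitsi/js-utils';
 import md5 from 'js-md5';
 
@@ -68,7 +69,7 @@
 
             if (persistedState) {
                 try {
-                    persistedState = JSON.parse(persistedState);
+                    persistedState = Bourne.parse(persistedState);
                 } catch (error) {
                     logger.error(
                         'Error parsing persisted state',
@@ -223,7 +224,7 @@
 
         if (persistedSubtree) {
             try {
-                persistedSubtree = JSON.parse(persistedSubtree);
+                persistedSubtree = Bourne.parse(persistedSubtree);
 
                 const filteredSubtree
                     = this._getFilteredSubtree(persistedSubtree, subtreeConfig);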

+ 10
- 2
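--- a/react/features/base/util/parseURLParams.js
+++ b/react/features/base/util/parseURLParams.js
@@ -1,7 +1,15 @@
 /* @flow */
 
+import Bourne from '@hapi/bourne';
+
 import { reportError } from './helpers';
 
+/**
+ * A list if keys to ignore when parsing.
+ * @type {string[]}
+ */
+const blacklist = [ '__proto__', 'constructor', 'prototype' ];
+
 /**
  * Parses the query/search or fragment/hash parameters out of a specific URL and
  * returns them as a JS object.
@@ -34,7 +42,7 @@
         const param = part.split('=');
         const key = param[0];
 
-        if (!key) {
+        if (!key || blacklist.includes(key.split('.')[0])) {
             return;
         }
 
@@ -46,7 +54,7 @@
             if (!dontParse) {
                 const decoded = decodeURIComponent(value).replace(/\\&/, '&');
 
-                value = decoded === 'undefined' ? undefined : JSON.parse(decoded);
+                value = decoded === 'undefined' ? undefined : Bourne.parse(decoded);
             }
         } catch (e) {
             reportError(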
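Review bot: The new guard on line 45 inspects only the first dot-separated segment of `key`, so a key whose later segment is one of the blacklisted names still passes; if the reason for the check is that callers (outside this hunk) expand these dotted keys into nested objects, every segment needs the same test: `if (!key || key.split('.').some(part => blacklist.includes(part))) {`. Keep in mind that `blacklist.includes('constructor')` also rejects a legitimately named parameter, which is a reasonable trade-off but worth a comment. The new doc comment on line 8 reads `A list if keys`; it should be `A list of keys to ignore when parsing.` The enclosing function starts before and ends after these hunks, and the catch on line 59 now also receives Bourne's rejection of `__proto__` keys.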

+ 3
- 1
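--- a/react/features/local-recording/controller/RecordingController.js
+++ b/react/features/local-recording/controller/RecordingController.js
@@ -1,5 +1,7 @@
 /* @flow */
 
+import Bourne from '@hapi/bourne';
+
 import { i18next } from '../../base/i18n';
 import logger from '../logger';
 import {
@@ -427,7 +429,7 @@
                     id: member.getId(),
                     displayName: member.getDisplayName(),
                     recordingStats:
-                        JSON.parse(member.getProperty(PROPERTY_STATS) || '{}'),
+                        Bourne.parse(member.getProperty(PROPERTY_STATS) || '{}'),
                     isSelf: false
                 };
             });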
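Review bot: The `Bourne.parse` call on new line 432 has no try/catch in the visible lines, and its input is a property published by another participant, so one malformed stats string throws out of the whole member mapping; Bourne also throws on a `__proto__` key, which JSON.parse did not, so the set of inputs that fail grew with this commit. `recordingStats: Bourne.safeParse(member.getProperty(PROPERTY_STATS) || '{}') || {},` would let a bad peer value degrade to empty stats instead of aborting the list. The enclosing function starts and ends outside the hunk, so a catch may exist further up; if it does, a short comment on line 432 saying where the failure is handled would save the next reader the search.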

+ 2
- 1
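--- a/react/features/local-recording/session/SessionManager.js
+++ b/react/features/local-recording/session/SessionManager.js
@@ -1,6 +1,7 @@
 /* @flow */
 
+import Bourne from '@hapi/bourne';
 import { jitsiLocalStorage } from '@jitsi/js-utils';
 
 import logger from '../logger';
@@ -163,7 +164,7 @@
 
         if (dataStr !== null) {
             try {
-                const dataObject = JSON.parse(dataStr);
+                const dataObject = Bourne.parse(dataStr);
 
                 this._sessionsMetadata = dataObject;
             } catch (e) {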

+ 2
- 1
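--- a/react/features/recent-list/reducer.js
+++ b/react/features/recent-list/reducer.js
@@ -1,6 +1,7 @@
 // @flow
 
+import Bourne from '@hapi/bourne';
 import { jitsiLocalStorage } from '@jitsi/js-utils';
 
 import { APP_WILL_MOUNT } from '../base/app';
@@ -125,7 +126,7 @@
 
     if (str) {
         try {
-            return JSON.parse(str);
+            return Bourne.parse(str);
         } catch (error) {
             logger.warn('Failed to parse legacy recent-room list!');
         }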

+ 2
- 1
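--- a/react/features/virtual-background/components/VirtualBackgroundDialog.js
+++ b/react/features/virtual-background/components/VirtualBackgroundDialog.js
@@ -1,6 +1,7 @@
 // @flow
 /* eslint-disable react/jsx-no-bind, no-return-assign */
 import Spinner from '@atlaskit/spinner';
+import Bourne from '@hapi/bourne';
 import { jitsiLocalStorage } from '@jitsi/js-utils/jitsi-local-storage';
 import React, { useState, useEffect } from 'react';
 import uuid from 'uuid';
@@ -90,7 +91,7 @@
 function VirtualBackground({ _jitsiTrack, _selectedThumbnail, _virtualSource, dispatch, t }: Props) {
     const [ options, setOptions ] = useState({});
     const localImages = jitsiLocalStorage.getItem('virtualBackgrounds');
-    const [ storedImages, setStoredImages ] = useState((localImages && JSON.parse(localImages)) || []);
+    const [ storedImages, setStoredImages ] = useState((localImages && Bourne.parse(localImages)) || []);
     const [ loading, isloading ] = useState(false);
     const [ activeDesktopVideo ] = useState(_virtualSource?.videoType === VIDEO_TYPE.DESKTOP ? _virtualSource : null);
 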
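Review bot: The parse on new line 94 sits inside a plain `useState(...)` argument, so it re-runs on every render of `VirtualBackground`, and with no try/catch in sight a malformed or `__proto__`-keyed `virtualBackgrounds` entry throws during render; Bourne widens that failure set beyond what JSON.parse already rejected. A lazy initializer that tolerates bad stored data is one line: `const [ storedImages, setStoredImages ] = useState(() => (localImages && Bourne.safeParse(localImages)) || []);`. The component body continues past the hunk, and the `localImages` read on line 93 could move into the same initializer so storage is touched once.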
