fix: protect against XSS in chat names

2025-02-22 11:38:57 +00:00 · 2020-11-05 15:03:53 -05:00 · 2020-11-05 15:03:53 -05:00 · dbc1d26966
commit dbc1d26966
parent cd8f49921f
2 changed files with 6 additions and 3 deletions
--- a/ui/app/AppLayouts/Chat/components/GroupChatPopup.qml
+++ b/ui/app/AppLayouts/Chat/components/GroupChatPopup.qml
@ -57,7 +57,7 @@ ModalPopup {

    function doJoin(){
        if(pubKeys.length === 0) return;
-        chatsModel.createGroup(groupName.text, JSON.stringify(pubKeys));
+        chatsModel.createGroup(Utils.filterXSS(groupName.text), JSON.stringify(pubKeys));
        popup.close();
    }

--- a/ui/imports/Utils.qml
+++ b/ui/imports/Utils.qml
@ -54,8 +54,11 @@ QtObject {
        var replacePattern2 = /(^|[^\/])(www\.[\S]+(\b|$))/gim;
        replacedText = replacedText.replace(replacePattern2, "$1<a href='http://$2'>$2</a>");

-        replacedText = XSS.filterXSS(replacedText)
-        return replacedText;
+        return XSS.filterXSS(replacedText)
+    }
+
+    function filterXSS(inputText) {
+        return XSS.filterXSS(inputText)
    }

    function toLocaleString(val, locale, options) {