fix: Escapes some keys when parsing input.
This commit is contained in:
damencho
Дамян Минков
parent
e05d53e71a
commit
06ce24527e
|
|
@ -2595,9 +2595,9 @@
|
||||||
"integrity": "sha512-QD1PhQk+s31P1ixsX0H0Suoupp3VMXzIVMSwobR3F3MSUO2YCV0B7xqLcUw/Bh8yuvd3LhpyqLQWTNcRmp6IdQ=="
|
"integrity": "sha512-QD1PhQk+s31P1ixsX0H0Suoupp3VMXzIVMSwobR3F3MSUO2YCV0B7xqLcUw/Bh8yuvd3LhpyqLQWTNcRmp6IdQ=="
|
||||||
},
|
},
|
||||||
"@hapi/bourne": {
|
"@hapi/bourne": {
|
||||||
"version": "1.3.2",
|
"version": "2.0.0",
|
||||||
"resolved": "https://registry.npmjs.org/@hapi/bourne/-/bourne-1.3.2.tgz",
|
"resolved": "https://registry.npmjs.org/@hapi/bourne/-/bourne-2.0.0.tgz",
|
||||||
"integrity": "sha512-1dVNHT76Uu5N3eJNTYcvxee+jzX4Z9lfciqRRHCU27ihbUcYi+iSc2iml5Ke1LXe1SyJCLA0+14Jh4tXJgOppA=="
|
"integrity": "sha512-WEezM1FWztfbzqIUbsDzFRVMxSoLy3HugVcux6KDDtTqzPsLE8NDRHfXvev66aH1i2oOKKar3/XDjbvh/OUBdg=="
|
||||||
},
|
},
|
||||||
"@hapi/hoek": {
|
"@hapi/hoek": {
|
||||||
"version": "8.5.1",
|
"version": "8.5.1",
|
||||||
|
|
@ -2613,6 +2613,13 @@
|
||||||
"@hapi/bourne": "1.x.x",
|
"@hapi/bourne": "1.x.x",
|
||||||
"@hapi/hoek": "8.x.x",
|
"@hapi/hoek": "8.x.x",
|
||||||
"@hapi/topo": "3.x.x"
|
"@hapi/topo": "3.x.x"
|
||||||
|
},
|
||||||
|
"dependencies": {
|
||||||
|
"@hapi/bourne": {
|
||||||
|
"version": "1.3.2",
|
||||||
|
"resolved": "https://registry.npmjs.org/@hapi/bourne/-/bourne-1.3.2.tgz",
|
||||||
|
"integrity": "sha512-1dVNHT76Uu5N3eJNTYcvxee+jzX4Z9lfciqRRHCU27ihbUcYi+iSc2iml5Ke1LXe1SyJCLA0+14Jh4tXJgOppA=="
|
||||||
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"@hapi/topo": {
|
"@hapi/topo": {
|
||||||
|
|
|
||||||
|
|
@ -32,6 +32,7 @@
|
||||||
"@atlaskit/theme": "11.0.2",
|
"@atlaskit/theme": "11.0.2",
|
||||||
"@atlaskit/toggle": "12.0.3",
|
"@atlaskit/toggle": "12.0.3",
|
||||||
"@atlaskit/tooltip": "17.1.2",
|
"@atlaskit/tooltip": "17.1.2",
|
||||||
|
"@hapi/bourne": "2.0.0",
|
||||||
"@jitsi/js-utils": "1.0.6",
|
"@jitsi/js-utils": "1.0.6",
|
||||||
"@material-ui/core": "4.11.3",
|
"@material-ui/core": "4.11.3",
|
||||||
"@microsoft/microsoft-graph-client": "1.1.0",
|
"@microsoft/microsoft-graph-client": "1.1.0",
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,6 @@
|
||||||
// @flow
|
// @flow
|
||||||
|
|
||||||
|
import Bourne from '@hapi/bourne';
|
||||||
import { jitsiLocalStorage } from '@jitsi/js-utils';
|
import { jitsiLocalStorage } from '@jitsi/js-utils';
|
||||||
import _ from 'lodash';
|
import _ from 'lodash';
|
||||||
|
|
||||||
|
|
@ -141,7 +142,7 @@ export function restoreConfig(baseURL: string): ?Object {
|
||||||
|
|
||||||
if (config) {
|
if (config) {
|
||||||
try {
|
try {
|
||||||
return JSON.parse(config) || undefined;
|
return Bourne.parse(config) || undefined;
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
// Somehow incorrect data ended up in the storage. Clean it up.
|
// Somehow incorrect data ended up in the storage. Clean it up.
|
||||||
jitsiLocalStorage.removeItem(key);
|
jitsiLocalStorage.removeItem(key);
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,6 @@
|
||||||
// @flow
|
// @flow
|
||||||
|
|
||||||
|
import Bourne from '@hapi/bourne';
|
||||||
import { jitsiLocalStorage } from '@jitsi/js-utils/jitsi-local-storage';
|
import { jitsiLocalStorage } from '@jitsi/js-utils/jitsi-local-storage';
|
||||||
|
|
||||||
import { browser } from '../lib-jitsi-meet';
|
import { browser } from '../lib-jitsi-meet';
|
||||||
|
|
@ -57,7 +58,7 @@ function setupJitsiLocalStorage() {
|
||||||
|
|
||||||
if (shouldUseHostPageLocalStorage(urlParams)) {
|
if (shouldUseHostPageLocalStorage(urlParams)) {
|
||||||
try {
|
try {
|
||||||
const localStorageContent = JSON.parse(urlParams['appData.localStorageContent']);
|
const localStorageContent = Bourne.parse(urlParams['appData.localStorageContent']);
|
||||||
|
|
||||||
if (typeof localStorageContent === 'object') {
|
if (typeof localStorageContent === 'object') {
|
||||||
Object.keys(localStorageContent).forEach(key => {
|
Object.keys(localStorageContent).forEach(key => {
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,6 @@
|
||||||
// @flow
|
// @flow
|
||||||
|
|
||||||
|
import Bourne from '@hapi/bourne';
|
||||||
import { NativeModules } from 'react-native';
|
import { NativeModules } from 'react-native';
|
||||||
|
|
||||||
import { loadScript } from '../util';
|
import { loadScript } from '../util';
|
||||||
|
|
@ -20,7 +21,7 @@ export async function loadConfig(url: string): Promise<Object> {
|
||||||
try {
|
try {
|
||||||
const configTxt = await loadScript(url, 10 * 1000 /* Timeout in ms */, true /* skipeval */);
|
const configTxt = await loadScript(url, 10 * 1000 /* Timeout in ms */, true /* skipeval */);
|
||||||
const configJson = await JavaScriptSandbox.evaluate(`${configTxt}\nJSON.stringify(config);`);
|
const configJson = await JavaScriptSandbox.evaluate(`${configTxt}\nJSON.stringify(config);`);
|
||||||
const config = JSON.parse(configJson);
|
const config = Bourne.parse(configJson);
|
||||||
|
|
||||||
if (typeof config !== 'object') {
|
if (typeof config !== 'object') {
|
||||||
throw new Error('config is not an object');
|
throw new Error('config is not an object');
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,6 @@
|
||||||
// @flow
|
// @flow
|
||||||
|
|
||||||
|
import Bourne from '@hapi/bourne';
|
||||||
import { jitsiLocalStorage } from '@jitsi/js-utils';
|
import { jitsiLocalStorage } from '@jitsi/js-utils';
|
||||||
import md5 from 'js-md5';
|
import md5 from 'js-md5';
|
||||||
|
|
||||||
|
|
@ -68,7 +69,7 @@ class PersistenceRegistry {
|
||||||
|
|
||||||
if (persistedState) {
|
if (persistedState) {
|
||||||
try {
|
try {
|
||||||
persistedState = JSON.parse(persistedState);
|
persistedState = Bourne.parse(persistedState);
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
logger.error(
|
logger.error(
|
||||||
'Error parsing persisted state',
|
'Error parsing persisted state',
|
||||||
|
|
@ -223,7 +224,7 @@ class PersistenceRegistry {
|
||||||
|
|
||||||
if (persistedSubtree) {
|
if (persistedSubtree) {
|
||||||
try {
|
try {
|
||||||
persistedSubtree = JSON.parse(persistedSubtree);
|
persistedSubtree = Bourne.parse(persistedSubtree);
|
||||||
|
|
||||||
const filteredSubtree
|
const filteredSubtree
|
||||||
= this._getFilteredSubtree(persistedSubtree, subtreeConfig);
|
= this._getFilteredSubtree(persistedSubtree, subtreeConfig);
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,15 @@
|
||||||
/* @flow */
|
/* @flow */
|
||||||
|
|
||||||
|
import Bourne from '@hapi/bourne';
|
||||||
|
|
||||||
import { reportError } from './helpers';
|
import { reportError } from './helpers';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A list if keys to ignore when parsing.
|
||||||
|
* @type {string[]}
|
||||||
|
*/
|
||||||
|
const blacklist = [ '__proto__', 'constructor', 'prototype' ];
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Parses the query/search or fragment/hash parameters out of a specific URL and
|
* Parses the query/search or fragment/hash parameters out of a specific URL and
|
||||||
* returns them as a JS object.
|
* returns them as a JS object.
|
||||||
|
|
@ -34,7 +42,7 @@ export function parseURLParams(
|
||||||
const param = part.split('=');
|
const param = part.split('=');
|
||||||
const key = param[0];
|
const key = param[0];
|
||||||
|
|
||||||
if (!key) {
|
if (!key || blacklist.includes(key.split('.')[0])) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -46,7 +54,7 @@ export function parseURLParams(
|
||||||
if (!dontParse) {
|
if (!dontParse) {
|
||||||
const decoded = decodeURIComponent(value).replace(/\\&/, '&');
|
const decoded = decodeURIComponent(value).replace(/\\&/, '&');
|
||||||
|
|
||||||
value = decoded === 'undefined' ? undefined : JSON.parse(decoded);
|
value = decoded === 'undefined' ? undefined : Bourne.parse(decoded);
|
||||||
}
|
}
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
reportError(
|
reportError(
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,7 @@
|
||||||
/* @flow */
|
/* @flow */
|
||||||
|
|
||||||
|
import Bourne from '@hapi/bourne';
|
||||||
|
|
||||||
import { i18next } from '../../base/i18n';
|
import { i18next } from '../../base/i18n';
|
||||||
import logger from '../logger';
|
import logger from '../logger';
|
||||||
import {
|
import {
|
||||||
|
|
@ -427,7 +429,7 @@ class RecordingController {
|
||||||
id: member.getId(),
|
id: member.getId(),
|
||||||
displayName: member.getDisplayName(),
|
displayName: member.getDisplayName(),
|
||||||
recordingStats:
|
recordingStats:
|
||||||
JSON.parse(member.getProperty(PROPERTY_STATS) || '{}'),
|
Bourne.parse(member.getProperty(PROPERTY_STATS) || '{}'),
|
||||||
isSelf: false
|
isSelf: false
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,6 @@
|
||||||
/* @flow */
|
/* @flow */
|
||||||
|
|
||||||
|
import Bourne from '@hapi/bourne';
|
||||||
import { jitsiLocalStorage } from '@jitsi/js-utils';
|
import { jitsiLocalStorage } from '@jitsi/js-utils';
|
||||||
|
|
||||||
import logger from '../logger';
|
import logger from '../logger';
|
||||||
|
|
@ -163,7 +164,7 @@ class SessionManager {
|
||||||
|
|
||||||
if (dataStr !== null) {
|
if (dataStr !== null) {
|
||||||
try {
|
try {
|
||||||
const dataObject = JSON.parse(dataStr);
|
const dataObject = Bourne.parse(dataStr);
|
||||||
|
|
||||||
this._sessionsMetadata = dataObject;
|
this._sessionsMetadata = dataObject;
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,6 @@
|
||||||
// @flow
|
// @flow
|
||||||
|
|
||||||
|
import Bourne from '@hapi/bourne';
|
||||||
import { jitsiLocalStorage } from '@jitsi/js-utils';
|
import { jitsiLocalStorage } from '@jitsi/js-utils';
|
||||||
|
|
||||||
import { APP_WILL_MOUNT } from '../base/app';
|
import { APP_WILL_MOUNT } from '../base/app';
|
||||||
|
|
@ -125,7 +126,7 @@ function _getLegacyRecentRoomList(): Array<Object> {
|
||||||
|
|
||||||
if (str) {
|
if (str) {
|
||||||
try {
|
try {
|
||||||
return JSON.parse(str);
|
return Bourne.parse(str);
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
logger.warn('Failed to parse legacy recent-room list!');
|
logger.warn('Failed to parse legacy recent-room list!');
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,7 @@
|
||||||
// @flow
|
// @flow
|
||||||
/* eslint-disable react/jsx-no-bind, no-return-assign */
|
/* eslint-disable react/jsx-no-bind, no-return-assign */
|
||||||
import Spinner from '@atlaskit/spinner';
|
import Spinner from '@atlaskit/spinner';
|
||||||
|
import Bourne from '@hapi/bourne';
|
||||||
import { jitsiLocalStorage } from '@jitsi/js-utils/jitsi-local-storage';
|
import { jitsiLocalStorage } from '@jitsi/js-utils/jitsi-local-storage';
|
||||||
import React, { useState, useEffect } from 'react';
|
import React, { useState, useEffect } from 'react';
|
||||||
import uuid from 'uuid';
|
import uuid from 'uuid';
|
||||||
|
|
@ -90,7 +91,7 @@ type Props = {
|
||||||
function VirtualBackground({ _jitsiTrack, _selectedThumbnail, _virtualSource, dispatch, t }: Props) {
|
function VirtualBackground({ _jitsiTrack, _selectedThumbnail, _virtualSource, dispatch, t }: Props) {
|
||||||
const [ options, setOptions ] = useState({});
|
const [ options, setOptions ] = useState({});
|
||||||
const localImages = jitsiLocalStorage.getItem('virtualBackgrounds');
|
const localImages = jitsiLocalStorage.getItem('virtualBackgrounds');
|
||||||
const [ storedImages, setStoredImages ] = useState((localImages && JSON.parse(localImages)) || []);
|
const [ storedImages, setStoredImages ] = useState((localImages && Bourne.parse(localImages)) || []);
|
||||||
const [ loading, isloading ] = useState(false);
|
const [ loading, isloading ] = useState(false);
|
||||||
const [ activeDesktopVideo ] = useState(_virtualSource?.videoType === VIDEO_TYPE.DESKTOP ? _virtualSource : null);
|
const [ activeDesktopVideo ] = useState(_virtualSource?.videoType === VIDEO_TYPE.DESKTOP ? _virtualSource : null);
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue