fix: Escapes some keys when parsing input.
This commit is contained in:
parent
e05d53e71a
commit
06ce24527e
|
@ -2595,9 +2595,9 @@
|
|||
"integrity": "sha512-QD1PhQk+s31P1ixsX0H0Suoupp3VMXzIVMSwobR3F3MSUO2YCV0B7xqLcUw/Bh8yuvd3LhpyqLQWTNcRmp6IdQ=="
|
||||
},
|
||||
"@hapi/bourne": {
|
||||
"version": "1.3.2",
|
||||
"resolved": "https://registry.npmjs.org/@hapi/bourne/-/bourne-1.3.2.tgz",
|
||||
"integrity": "sha512-1dVNHT76Uu5N3eJNTYcvxee+jzX4Z9lfciqRRHCU27ihbUcYi+iSc2iml5Ke1LXe1SyJCLA0+14Jh4tXJgOppA=="
|
||||
"version": "2.0.0",
|
||||
"resolved": "https://registry.npmjs.org/@hapi/bourne/-/bourne-2.0.0.tgz",
|
||||
"integrity": "sha512-WEezM1FWztfbzqIUbsDzFRVMxSoLy3HugVcux6KDDtTqzPsLE8NDRHfXvev66aH1i2oOKKar3/XDjbvh/OUBdg=="
|
||||
},
|
||||
"@hapi/hoek": {
|
||||
"version": "8.5.1",
|
||||
|
@ -2613,6 +2613,13 @@
|
|||
"@hapi/bourne": "1.x.x",
|
||||
"@hapi/hoek": "8.x.x",
|
||||
"@hapi/topo": "3.x.x"
|
||||
},
|
||||
"dependencies": {
|
||||
"@hapi/bourne": {
|
||||
"version": "1.3.2",
|
||||
"resolved": "https://registry.npmjs.org/@hapi/bourne/-/bourne-1.3.2.tgz",
|
||||
"integrity": "sha512-1dVNHT76Uu5N3eJNTYcvxee+jzX4Z9lfciqRRHCU27ihbUcYi+iSc2iml5Ke1LXe1SyJCLA0+14Jh4tXJgOppA=="
|
||||
}
|
||||
}
|
||||
},
|
||||
"@hapi/topo": {
|
||||
|
|
|
@ -32,6 +32,7 @@
|
|||
"@atlaskit/theme": "11.0.2",
|
||||
"@atlaskit/toggle": "12.0.3",
|
||||
"@atlaskit/tooltip": "17.1.2",
|
||||
"@hapi/bourne": "2.0.0",
|
||||
"@jitsi/js-utils": "1.0.6",
|
||||
"@material-ui/core": "4.11.3",
|
||||
"@microsoft/microsoft-graph-client": "1.1.0",
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
// @flow
|
||||
|
||||
import Bourne from '@hapi/bourne';
|
||||
import { jitsiLocalStorage } from '@jitsi/js-utils';
|
||||
import _ from 'lodash';
|
||||
|
||||
|
@ -141,7 +142,7 @@ export function restoreConfig(baseURL: string): ?Object {
|
|||
|
||||
if (config) {
|
||||
try {
|
||||
return JSON.parse(config) || undefined;
|
||||
return Bourne.parse(config) || undefined;
|
||||
} catch (e) {
|
||||
// Somehow incorrect data ended up in the storage. Clean it up.
|
||||
jitsiLocalStorage.removeItem(key);
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
// @flow
|
||||
|
||||
import Bourne from '@hapi/bourne';
|
||||
import { jitsiLocalStorage } from '@jitsi/js-utils/jitsi-local-storage';
|
||||
|
||||
import { browser } from '../lib-jitsi-meet';
|
||||
|
@ -57,7 +58,7 @@ function setupJitsiLocalStorage() {
|
|||
|
||||
if (shouldUseHostPageLocalStorage(urlParams)) {
|
||||
try {
|
||||
const localStorageContent = JSON.parse(urlParams['appData.localStorageContent']);
|
||||
const localStorageContent = Bourne.parse(urlParams['appData.localStorageContent']);
|
||||
|
||||
if (typeof localStorageContent === 'object') {
|
||||
Object.keys(localStorageContent).forEach(key => {
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
// @flow
|
||||
|
||||
import Bourne from '@hapi/bourne';
|
||||
import { NativeModules } from 'react-native';
|
||||
|
||||
import { loadScript } from '../util';
|
||||
|
@ -20,7 +21,7 @@ export async function loadConfig(url: string): Promise<Object> {
|
|||
try {
|
||||
const configTxt = await loadScript(url, 10 * 1000 /* Timeout in ms */, true /* skipeval */);
|
||||
const configJson = await JavaScriptSandbox.evaluate(`${configTxt}\nJSON.stringify(config);`);
|
||||
const config = JSON.parse(configJson);
|
||||
const config = Bourne.parse(configJson);
|
||||
|
||||
if (typeof config !== 'object') {
|
||||
throw new Error('config is not an object');
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
// @flow
|
||||
|
||||
import Bourne from '@hapi/bourne';
|
||||
import { jitsiLocalStorage } from '@jitsi/js-utils';
|
||||
import md5 from 'js-md5';
|
||||
|
||||
|
@ -68,7 +69,7 @@ class PersistenceRegistry {
|
|||
|
||||
if (persistedState) {
|
||||
try {
|
||||
persistedState = JSON.parse(persistedState);
|
||||
persistedState = Bourne.parse(persistedState);
|
||||
} catch (error) {
|
||||
logger.error(
|
||||
'Error parsing persisted state',
|
||||
|
@ -223,7 +224,7 @@ class PersistenceRegistry {
|
|||
|
||||
if (persistedSubtree) {
|
||||
try {
|
||||
persistedSubtree = JSON.parse(persistedSubtree);
|
||||
persistedSubtree = Bourne.parse(persistedSubtree);
|
||||
|
||||
const filteredSubtree
|
||||
= this._getFilteredSubtree(persistedSubtree, subtreeConfig);
|
||||
|
|
|
@ -1,7 +1,15 @@
|
|||
/* @flow */
|
||||
|
||||
import Bourne from '@hapi/bourne';
|
||||
|
||||
import { reportError } from './helpers';
|
||||
|
||||
/**
|
||||
* A list if keys to ignore when parsing.
|
||||
* @type {string[]}
|
||||
*/
|
||||
const blacklist = [ '__proto__', 'constructor', 'prototype' ];
|
||||
|
||||
/**
|
||||
* Parses the query/search or fragment/hash parameters out of a specific URL and
|
||||
* returns them as a JS object.
|
||||
|
@ -34,7 +42,7 @@ export function parseURLParams(
|
|||
const param = part.split('=');
|
||||
const key = param[0];
|
||||
|
||||
if (!key) {
|
||||
if (!key || blacklist.includes(key.split('.')[0])) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -46,7 +54,7 @@ export function parseURLParams(
|
|||
if (!dontParse) {
|
||||
const decoded = decodeURIComponent(value).replace(/\\&/, '&');
|
||||
|
||||
value = decoded === 'undefined' ? undefined : JSON.parse(decoded);
|
||||
value = decoded === 'undefined' ? undefined : Bourne.parse(decoded);
|
||||
}
|
||||
} catch (e) {
|
||||
reportError(
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
/* @flow */
|
||||
|
||||
import Bourne from '@hapi/bourne';
|
||||
|
||||
import { i18next } from '../../base/i18n';
|
||||
import logger from '../logger';
|
||||
import {
|
||||
|
@ -427,7 +429,7 @@ class RecordingController {
|
|||
id: member.getId(),
|
||||
displayName: member.getDisplayName(),
|
||||
recordingStats:
|
||||
JSON.parse(member.getProperty(PROPERTY_STATS) || '{}'),
|
||||
Bourne.parse(member.getProperty(PROPERTY_STATS) || '{}'),
|
||||
isSelf: false
|
||||
};
|
||||
});
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
/* @flow */
|
||||
|
||||
import Bourne from '@hapi/bourne';
|
||||
import { jitsiLocalStorage } from '@jitsi/js-utils';
|
||||
|
||||
import logger from '../logger';
|
||||
|
@ -163,7 +164,7 @@ class SessionManager {
|
|||
|
||||
if (dataStr !== null) {
|
||||
try {
|
||||
const dataObject = JSON.parse(dataStr);
|
||||
const dataObject = Bourne.parse(dataStr);
|
||||
|
||||
this._sessionsMetadata = dataObject;
|
||||
} catch (e) {
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
// @flow
|
||||
|
||||
import Bourne from '@hapi/bourne';
|
||||
import { jitsiLocalStorage } from '@jitsi/js-utils';
|
||||
|
||||
import { APP_WILL_MOUNT } from '../base/app';
|
||||
|
@ -125,7 +126,7 @@ function _getLegacyRecentRoomList(): Array<Object> {
|
|||
|
||||
if (str) {
|
||||
try {
|
||||
return JSON.parse(str);
|
||||
return Bourne.parse(str);
|
||||
} catch (error) {
|
||||
logger.warn('Failed to parse legacy recent-room list!');
|
||||
}
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
// @flow
|
||||
/* eslint-disable react/jsx-no-bind, no-return-assign */
|
||||
import Spinner from '@atlaskit/spinner';
|
||||
import Bourne from '@hapi/bourne';
|
||||
import { jitsiLocalStorage } from '@jitsi/js-utils/jitsi-local-storage';
|
||||
import React, { useState, useEffect } from 'react';
|
||||
import uuid from 'uuid';
|
||||
|
@ -90,7 +91,7 @@ type Props = {
|
|||
function VirtualBackground({ _jitsiTrack, _selectedThumbnail, _virtualSource, dispatch, t }: Props) {
|
||||
const [ options, setOptions ] = useState({});
|
||||
const localImages = jitsiLocalStorage.getItem('virtualBackgrounds');
|
||||
const [ storedImages, setStoredImages ] = useState((localImages && JSON.parse(localImages)) || []);
|
||||
const [ storedImages, setStoredImages ] = useState((localImages && Bourne.parse(localImages)) || []);
|
||||
const [ loading, isloading ] = useState(false);
|
||||
const [ activeDesktopVideo ] = useState(_virtualSource?.videoType === VIDEO_TYPE.DESKTOP ? _virtualSource : null);
|
||||
|
||||
|
|
Loading…
Reference in New Issue