Prevent XSS injection using 'nick' on presence
Also allows special characters in displayName. Fixes issue #182.
This commit is contained in:
parent
5af92474c3
commit
7b0be8e953
2
app.js
2
app.js
|
@ -813,7 +813,7 @@ $(document).bind('entered.muc', function (event, jid, info, pres) {
|
|||
$(document).bind('left.muc', function (event, jid) {
|
||||
console.log('left.muc', jid);
|
||||
var displayName = $('#participant_' + Strophe.getResourceFromJid(jid) +
|
||||
'>.displayname').text();
|
||||
'>.displayname').html();
|
||||
messageHandler.notify(displayName || 'Somebody',
|
||||
'disconnected',
|
||||
'disconnected');
|
||||
|
|
|
@ -170,7 +170,7 @@ var ContactList = (function (my) {
|
|||
var contactName = $('#contactlist #' + resourceJid + '>p');
|
||||
|
||||
if (contactName && displayName && displayName.length > 0)
|
||||
contactName.text(displayName);
|
||||
contactName.html(displayName);
|
||||
});
|
||||
|
||||
my.setClickable = function(resourceJid, isClickable) {
|
||||
|
|
2
muc.js
2
muc.js
|
@ -123,7 +123,7 @@ Strophe.addConnectionPlugin('emuc', {
|
|||
member.role = tmp.attr('role');
|
||||
|
||||
var nicktag = $(pres).find('>nick[xmlns="http://jabber.org/protocol/nick"]');
|
||||
member.displayName = (nicktag.length > 0 ? nicktag.text() : null);
|
||||
member.displayName = (nicktag.length > 0 ? nicktag.html() : null);
|
||||
|
||||
if (from == this.myroomjid) {
|
||||
if (member.affiliation == 'owner') this.isOwner = true;
|
||||
|
|
|
@ -699,12 +699,12 @@ var VideoLayout = (function (my) {
|
|||
if (nameSpanElement.id === 'localDisplayName' &&
|
||||
$('#localDisplayName').text() !== displayName) {
|
||||
if (displayName && displayName.length > 0)
|
||||
$('#localDisplayName').text(displayName + ' (me)');
|
||||
$('#localDisplayName').html(displayName + ' (me)');
|
||||
else
|
||||
$('#localDisplayName').text(defaultLocalDisplayName);
|
||||
} else {
|
||||
if (displayName && displayName.length > 0)
|
||||
$('#' + videoSpanId + '_name').text(displayName);
|
||||
$('#' + videoSpanId + '_name').html(displayName);
|
||||
else
|
||||
$('#' + videoSpanId + '_name').text(interfaceConfig.DEFAULT_REMOTE_DISPLAY_NAME);
|
||||
}
|
||||
|
@ -773,7 +773,7 @@ var VideoLayout = (function (my) {
|
|||
}
|
||||
|
||||
my.inputDisplayNameHandler = function (name) {
|
||||
if (nickname !== name) {
|
||||
if (name && nickname !== name) {
|
||||
nickname = name;
|
||||
window.localStorage.displayname = nickname;
|
||||
connection.emuc.addDisplayNameToPresence(nickname);
|
||||
|
@ -1036,7 +1036,7 @@ var VideoLayout = (function (my) {
|
|||
var displayName = resourceJid;
|
||||
var nameSpan = $('#' + videoContainerId + '>span.displayname');
|
||||
if (nameSpan.length > 0)
|
||||
displayName = nameSpan.text();
|
||||
displayName = nameSpan.html();
|
||||
|
||||
console.log("UI enable dominant speaker",
|
||||
displayName,
|
||||
|
|
Loading…
Reference in New Issue