Chat Federation, avoid spoofing:

When sanitizing remote information, we check that URLs and hosts are on
the correct domain or subdomain.
John Livingston
2023-05-31 16:19:45 +02:00
parent 4faf8a3aea
commit 743c4eabd9
4 changed files with 99 additions and 19 deletions


@ -16,7 +16,7 @@ async function readIncomingAPVideo (
let peertubeLiveChat = ('peertubeLiveChat' in videoAPObject) ? videoAPObject.peertubeLiveChat : false
// We must sanitize peertubeLiveChat, as it comes for the outer world.
peertubeLiveChat = sanitizePeertubeLiveChatInfos(options, peertubeLiveChat)
peertubeLiveChat = sanitizePeertubeLiveChatInfos(options, peertubeLiveChat, video.url)
await storeVideoLiveChatInfos(options, video, peertubeLiveChat)
if (video.remote) {