
Fix outdated escrow code samples

Open mDuo13 opened this issue 1 year ago • 0 comments

The _code_samples/escrow/js/ folder has several issues:

  • The package.json requires both xrpl.js 3.0 and ripple-lib 0.17 (the latter is ancient and unused in the code). It's likely that ripple-lib is the source of the security issue flagged in #2783.
  • The samples use the if (typeof module !== "undefined") hack, which is intended to make the same code run in both a browser via an HTML file and in Node.js, but they don't have a demo HTML file.
  • The samples use hard-coded secrets instead of using the faucet
  • The existing tutorials like Send a Time-Held Escrow use WebSocket requests for sign-and-submit (insecure unless you know what you're doing) instead of signing using the client library

mDuo13, Sep 25 '24 22:09
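
A heuristic audit for the four problems listed in this issue, as an added example that is not part of the issue or of the xrpl-dev-portal repository. The rule names, the seed-shaped pattern and every sample input are assumptions constructed for illustration; `xrpl` is the npm package name of xrpl.js.

```javascript
// Heuristic audit for the problems listed in the issue (added example).
// Rule names and all sample inputs are constructed for illustration.
const SEED_RE = /["']s[1-9A-HJ-NP-Za-km-z]{24,30}["']/; // quoted, seed-shaped base58 literal
const TYPEOF_HACK_RE = /typeof\s+module\s*!==\s*["']undefined["']/;
const SIGNING_CMD_RE = /["']?command["']?\s*:\s*["'](sign|submit)["']/;
const SECRET_FIELD_RE = /["']?secret["']?\s*:/;

function auditPackageJson(text) {
  const pkg = JSON.parse(text);
  const deps = { ...pkg.dependencies, ...pkg.devDependencies };
  const findings = [];
  if ("ripple-lib" in deps) {
    findings.push("legacy-ripple-lib");
    if ("xrpl" in deps) findings.push("duplicate-client-libs");
  }
  return findings;
}

function auditSource(text) {
  const findings = [];
  if (SEED_RE.test(text)) findings.push("hard-coded-secret");
  if (TYPEOF_HACK_RE.test(text)) findings.push("module-typeof-hack");
  // A request carrying a "secret" field with command "sign" or "submit"
  // sends the key to the server instead of signing locally.
  if (SIGNING_CMD_RE.test(text) && SECRET_FIELD_RE.test(text)) findings.push("server-side-signing");
  return findings;
}

const PLACEHOLDER_SEED = "s" + "X".repeat(28); // seed-shaped placeholder, not a real key
const samplePackageJson = JSON.stringify({
  dependencies: { xrpl: "^3.0.0", "ripple-lib": "^0.17.0" }, // constructed version ranges
});
const sampleSource = [
  'if (typeof module !== "undefined") { var xrpl = require("xrpl") }',
  `const wallet = xrpl.Wallet.fromSeed("${PLACEHOLDER_SEED}")`,
  `ws.send(JSON.stringify({ command: "submit", secret: "${PLACEHOLDER_SEED}", tx_json: {} }))`,
].join("\n");
const cleanSource = [
  'const xrpl = require("xrpl")',
  "const { wallet } = await client.fundWallet()",
  "const signed = wallet.sign(prepared)",
].join("\n");

console.log(auditPackageJson(samplePackageJson), auditSource(sampleSource), auditSource(cleanSource));
```

The checks are pattern matches on text, so a hit is a prompt for review rather than proof, and a seed assembled at runtime or read from a file will not be flagged.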