
Sanitize notificationCore text to prevent XSS

Open: Armored-Dragon opened this issue 1 year ago • 1 comment

This PR sanitizes text in the notificationCore notifications to prevent HTML embedding. Suggested by @ksuprynowicz.

Armored-Dragon, Jul 09 '24 18:07

For more context: the notificationCore script, which is used by a lot of applications to show chat messages, does not do its own sanitization of their text field. This PR makes it so that notificationCore sanitizes it just to be sure.

Armored-Dragon, Jul 09 '24 20:07
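As an added example (not the PR's own code or Overte's notificationCore), this shows the kind of escaping the PR describes: a chat message from an application is converted to inert text before it is placed into notification markup. The function names `escapeHtml` and `renderNotification` and the sample message are assumptions made for this illustration.

```javascript
// Added illustration, not Overte code. Function names are assumed.

// Every HTML-significant character mapped to its entity. '&' must be in
// the set: otherwise an incoming "&lt;" would be decoded back into "<".
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape in a single pass with one regex and a replacer. Chaining several
// replace() calls is the classic mistake: escaping '<' to '&lt;' and then
// escaping '&' turns it into '&amp;lt;'.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build the notification markup. sanitize=false embeds the message
// verbatim, which is the behaviour the PR removes; sanitize=true ensures
// the message can only ever render as text, never as tags or attributes.
function renderNotification(message, sanitize = true) {
  const body = sanitize ? escapeHtml(message) : message;
  return `<div class="notification">${body}</div>`;
}

// Constructed sample chat message mixing a tag, an entity and quotes.
const SAMPLE = 'Hi <b>all</b> &amp; "friends" <script>notify()</script>';

// Returns true when the rendered body still contains a real HTML tag,
// i.e. the message escaped into the markup rather than being shown as text.
function bodyContainsTag(html) {
  const body = html.replace(/^<div class="notification">|<\/div>$/g, "");
  return /<\/?[a-z][^>]*>/i.test(body);
}
```

Note that escaping is applied exactly once, at the point where text meets markup; applications that already escape their own text would otherwise show literal `&amp;` in the notification.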

Just tested this. Nothing breaks, the feature is working as expected.

Armored-Dragon, Aug 31 '24 23:08