Lines Matching +full:display +full:- +full:related

4 Subject: [PATCH] Fix potential Cross-site Scripting (XSS) exploits in demos
8 https://github.com/meetecho/janus-gateway/commit/ba166e9adebfe5343f826c6a9e02299d35414ffd]
9 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
10 ---
11  html/audiobridgetest.js   | 17 +++++++++++++----
12  html/recordplaytest.js    | 13 +++++++++++--
13  html/screensharingtest.js | 11 ++++++++++-
14  html/streamingtest.js     | 13 +++++++++++--
15  html/textroomtest.js      | 23 ++++++++++++++---------
16  html/videocalltest.js     | 15 ++++++++++++---
17  html/videoroomtest.js     | 13 +++++++++++--
18  html/vp9svctest.js        | 13 +++++++++++--
19  8 files changed, 93 insertions(+), 25 deletions(-)
21 diff --git a/html/audiobridgetest.js b/html/audiobridgetest.js
23 --- a/html/audiobridgetest.js
25 @@ -178,7 +178,7 @@ $(document).ready(function() {
29 -													var display = list[f]["display"];
30 +													var display = escapeXmlTags(list[f]["display"]);
34 @@ -222,7 +222,7 @@ $(document).ready(function() {
38 -													var display = list[f]["display"];
39 +													var display = escapeXmlTags(list[f]["display"]);
43 @@ -267,7 +267,7 @@ $(document).ready(function() {
47 -													var display = list[f]["display"];
48 +													var display = escapeXmlTags(list[f]["display"]);
52 @@ -429,7 +429,7 @@ function registerUsername() {
55  		var register = { request: "join", room: myroom, display: username };
56 -		myusername = username;
61 @@ -448,3 +448,12 @@ function getQueryStringValue(name) {
74 diff --git a/html/recordplaytest.js b/html/recordplaytest.js
76 --- a/html/recordplaytest.js
78 @@ -423,11 +423,11 @@ function updateRecsList() {
82 -				$('#recslist').append("<li><a href='#' id='" + list[mp]["id"] + "'>" + list[mp]["name"] + " ["…
87 -				selectedRecordingInfo = $(this).text();
92 @@ -545,3 +545,12 @@ function getQueryStringValue(name) {
105 diff --git a/html/screensharingtest.js b/html/screensharingtest.js
107 --- a/html/screensharingtest.js
109 @@ -161,7 +161,7 @@ $(document).ready(function() {
113 -											$('#title').html(msg["description"]);
118 @@ -514,3 +514,12 @@ function newRemoteFeed(id, display) {
131 diff --git a/html/streamingtest.js b/html/streamingtest.js
133 --- a/html/streamingtest.js
135 @@ -323,7 +323,7 @@ function updateStreamsList() {
139 -				$('#streamslist').append("<li><a href='#' id='" + list[mp]["id"] + "'>" + list[mp]["descriptio…
144 @@ -345,7 +345,7 @@ function getStreamInfo() {
148 -			$('#metadata').html(result.info.metadata);
153 @@ -394,6 +394,15 @@ function stopStream() {
166  // Helpers to create Simulcast-related UI, if enabled
169 diff --git a/html/textroomtest.js b/html/textroomtest.js
171 --- a/html/textroomtest.js
173 @@ -153,9 +153,7 @@ $(document).ready(function() {
177 -										var msg = json["text"];
178 -										msg = msg.replace(new RegExp('<', 'g'), '&lt');
179 -										msg = msg.replace(new RegExp('>', 'g'), '&gt');
184 @@ -170,9 +168,7 @@ $(document).ready(function() {
188 -										var msg = json["text"];
189 -										msg = msg.replace(new RegExp('<', 'g'), '&lt');
190 -										msg = msg.replace(new RegExp('>', 'g'), '&gt');
195 @@ -180,7 +176,7 @@ $(document).ready(function() {
198  										var display = json["display"];
199 -										participants[username] = display ? display : username;
200 +										participants[username] = escapeXmlTags(display ? display : username);
203 …$('#list').append('<li id="rp' + username + '" class="list-group-item">' + participants[username] …
204 @@ -282,7 +278,7 @@ function registerUsername() {
206  			display: username
208 -		myusername = username;
213 @@ -312,7 +308,7 @@ function registerUsername() {
217 -					participants[p.username] = p.display ? p.display : p.username;
218 +					participants[p.username] = escapeXmlTags(p.display ? p.display : p.username);
221 …$('#list').append('<li id="rp' + p.username + '" class="list-group-item">' + participants[p.userna…
222 @@ -418,3 +414,12 @@ function getQueryStringValue(name) {
235 diff --git a/html/videocalltest.js b/html/videocalltest.js
237 --- a/html/videocalltest.js
239 @@ -148,7 +148,7 @@ $(document).ready(function() {
243 -												myusername = result["username"];
248 @@ -163,7 +163,7 @@ $(document).ready(function() {
252 -												yourusername = result["username"];
257 @@ -213,7 +213,7 @@ $(document).ready(function() {
261 -												var peer = result["username"];
266 @@ -598,6 +598,15 @@ function getQueryStringValue(name) {
279  // Helpers to create Simulcast-related UI, if enabled
282 diff --git a/html/videoroomtest.js b/html/videoroomtest.js
284 --- a/html/videoroomtest.js
286 @@ -400,7 +400,7 @@ function registerUsername() {
288  			display: username
290 -		myusername = username;
295 @@ -530,7 +530,7 @@ function newRemoteFeed(id, display, audio, video) {
299 -						remoteFeed.rfdisplay = msg["display"];
300 +						remoteFeed.rfdisplay = escapeXmlTags(msg["display"]);
304 @@ -685,6 +685,15 @@ function getQueryStringValue(name) {
317  // Helpers to create Simulcast-related UI, if enabled
320 diff --git a/html/vp9svctest.js b/html/vp9svctest.js
322 --- a/html/vp9svctest.js
324 @@ -387,7 +387,7 @@ function registerUsername() {
326  			display: username
328 -		myusername = username;
333 @@ -486,7 +486,7 @@ function newRemoteFeed(id, display, audio, video) {
337 -						remoteFeed.rfdisplay = msg["display"];
338 +						remoteFeed.rfdisplay = escapeXmlTags(msg["display"]);
342 @@ -630,6 +630,15 @@ function newRemoteFeed(id, display, audio, video) {
355  // Helpers to create SVC-related UI for a new viewer