Add files via upload #1108

Merged
merged 1 commit into from
Oct 22, 2022

Conversation

Minion184
Contributor

Explanation

Fixes #:

Checklist

  • The PR title starts with "Fix #issue_number".
  • My branch is up-to-date with the main branch.
  • The PR does not contain any unnecessary auto-generated code.
  • The PR does not break any part of the existing code.
  • The PR creator has carefully read & adheres to the guidelines of the project.
  • The PR is raised after the issue has been assigned to the PR creator.

Tejas1510 merged commit 86fdc3f into Tejas1510:main on Oct 22, 2022

Comment on lines +23 to +25
app.get('/start',(req,res)=>{
res.sendFile("start.html" , { root: path.join(__dirname, '/public') })
})
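
Review bot: the `/start` handler reads `start.html` from disk on every request with nothing throttling it, which is the condition the CodeQL alert on these lines reports. Put a rate-limiting middleware (for example the `express-rate-limit` package) in front of the file-serving routes, or serve the `public` directory through `express.static` behind that limiter so each page does not need its own `sendFile` handler.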

Check failure

Code scanning / CodeQL

Missing rate limiting

This route handler performs a file system access, but is not rate-limited.

Comment on lines +65 to +67
app.get('/room/:roodId/:userId',(req,res)=>{
res.sendFile("room.html",{ root: path.join(__dirname, '/public') })
})
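
Review bot: the path parameter in `/room/:roodId/:userId` is spelled `roodId`, which looks like a typo for `roomId`; any code reading `req.params.roomId` would get `undefined`. The handler as shown also returns `room.html` without using either parameter, so if access to a room is meant to depend on them, that check has to be made here or enforced elsewhere. The missing rate limit flagged on `/start` applies to this route too.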

Check failure

Code scanning / CodeQL

Missing rate limiting

This route handler performs a file system access, but is not rate-limited.

function displayLocalText(uid,text){
const ele = document.createElement('div')
ele.className = "text-box"
ele.innerHTML += `<span class="author">${uid+": "}</span><p>${text}</p>`
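
Review bot: `uid` and `text` are interpolated into `ele.innerHTML` unescaped on the last line of this hunk, so any markup in a user id or chat message is parsed as HTML in the page. Create the `span` and `p` with `document.createElement`, set their `textContent` to `uid + ": "` and `text`, and append them to `ele`. The `+=` on a freshly created element is also equivalent to a plain `=` and can be dropped with that change.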

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML

DOM text is reinterpreted as HTML without escaping meta-characters.

if(rid && uid){
fetch(origin+"/create-room"+`?roomId=${rid}&userId=${uid}`).then(res=>res.json()).then(data=>{
if(data.status==="success"){
window.location.href=origin+"/room/"+rid+"/"+uid
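
Review bot: `rid` and `uid` are placed into the `/create-room` query string and then into the `/room/` path without encoding, so a value containing `&`, `#`, `?` or `/` changes the request parameters or the page that `window.location.href` navigates to. Pass both through `encodeURIComponent` in each place, and validate them against the character set room and user ids are allowed to use before sending the request.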

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML

DOM text (two flows) is reinterpreted as HTML without escaping meta-characters.

if(rid && uid){
fetch(origin+"/enter-room"+`?roomId=${rid}&userId=${uid}`).then(res=>res.json()).then(data=>{
if(data.status==="success"){
window.location.href=origin+"/room/"+rid+"/"+uid
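
Review bot: this block is a copy of the `/create-room` call with only the endpoint name changed, including the unencoded `rid` and `uid` in the query string and in the `/room/` redirect. Move the fetch-and-redirect logic into one helper that takes the endpoint as an argument and applies `encodeURIComponent` to both values, so the fix lives in a single place.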

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML

DOM text (two flows) is reinterpreted as HTML without escaping meta-characters.

else if(data.roomId){
rooms[data.roomId]={}
rooms[data.roomId][data.userId]=conn
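
Review bot: `data.roomId` and `data.userId` are used directly as keys on plain objects, and a key such as `__proto__` resolves to the object's prototype instead of creating an own property, which is why CodeQL flags the second assignment. Store rooms in a `Map` (or objects made with `Object.create(null)`) and reject ids that are not strings in the expected format. Separately, `rooms[data.roomId]={}` runs unconditionally in this branch, so a message naming an existing room replaces it and drops the connections already stored there; check whether the room exists before assigning.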

Check warning

Code scanning / CodeQL

Prototype-polluting assignment

This assignment may alter Object.prototype if a malicious '__proto__' string is injected from user controlled input.

2 participants