From 287062d74f9a21209c94ef3327a1e9c3d62f2c13 Mon Sep 17 00:00:00 2001
From: cgeek <cem.moreau@gmail.com>
Date: Sun, 31 Jan 2016 11:59:06 +0100
Subject: [PATCH] Fix #330 The websocket API's entities were not sanitized

---
 app/lib/streams/bma.js | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/lib/streams/bma.js b/app/lib/streams/bma.js
index 0228291b8..917b7085e 100644
--- a/app/lib/streams/bma.js
+++ b/app/lib/streams/bma.js
@@ -225,7 +225,7 @@ function listenWebSocket(server, httpServer) {
   });
 
   wssBlock.on('connection', function connection(ws) {
-    ws.send(JSON.stringify(currentBlock));
+    ws.send(JSON.stringify(sanitize(currentBlock, dtos.Block)));
   });
 
   wssBlock.broadcast = (data) => wssBlock.clients.forEach((client) => client.send(data));
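Review bot: The new connection handler passes `currentBlock` to `sanitize` without checking that it holds a block yet. Its declaration is outside the hunk, but the only assignments visible in this patch happen later (from incoming data and from `server.dal.getCurrent()`), so a client that connects early, or a node with no current block, would presumably reach `sanitize` with an empty value. How `sanitize` treats null/undefined is not visible here, so a guard is safer: `if (currentBlock) ws.send(JSON.stringify(sanitize(currentBlock, dtos.Block)));`. The broadcast right after `getCurrent()` in the next hunk sends the same unchecked value and would benefit from the same guard. `listenWebSocket` starts before this hunk.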
@@ -237,16 +237,16 @@ function listenWebSocket(server, httpServer) {
       // Broadcast block
       if (data.joiners) {
         currentBlock = data;
-        wssBlock.broadcast(JSON.stringify(currentBlock));
+        wssBlock.broadcast(JSON.stringify(sanitize(currentBlock, dtos.Block)));
       }
       // Broadcast peer
       if (data.endpoints) {
-        wssPeer.broadcast(JSON.stringify(data));
+        wssPeer.broadcast(JSON.stringify(sanitize(data, dtos.Peer)));
       }
     }));
 
   return co(function *() {
     currentBlock = yield server.dal.getCurrent();
-    wssBlock.broadcast(JSON.stringify(currentBlock));
+    wssBlock.broadcast(JSON.stringify(sanitize(currentBlock, dtos.Block)));
   });
 }
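Review bot: DTO filtering is applied by hand at every send site (three times in this hunk, plus the connection handler in the previous one), while `wssBlock.broadcast` and `wssPeer.broadcast` still accept any pre-serialized string. A future call site that forgets the wrapper would send the raw internal entity to websocket clients again, which is the leak this commit fixes. Consider one serializer per stream, e.g. `const blockMsg = (b) => JSON.stringify(sanitize(b, dtos.Block));` and `const peerMsg = (p) => JSON.stringify(sanitize(p, dtos.Peer));`, used at every send. A comment above the broadcasts such as `// Only DTO-filtered entities may leave over the websocket` would record the invariant. `listenWebSocket` starts before this hunk.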
-- 
GitLab