Skip to content
Snippets Groups Projects
Commit 287062d7 authored by Cédric Moreau's avatar Cédric Moreau
Browse files

Fix #330 The websocket API's entities were not sanitized

parent 908fde07
No related branches found
No related tags found
No related merge requests found
...@@ -225,7 +225,7 @@ function listenWebSocket(server, httpServer) { ...@@ -225,7 +225,7 @@ function listenWebSocket(server, httpServer) {
}); });
wssBlock.on('connection', function connection(ws) { wssBlock.on('connection', function connection(ws) {
ws.send(JSON.stringify(currentBlock)); ws.send(JSON.stringify(sanitize(currentBlock, dtos.Block)));
}); });
wssBlock.broadcast = (data) => wssBlock.clients.forEach((client) => client.send(data)); wssBlock.broadcast = (data) => wssBlock.clients.forEach((client) => client.send(data));
...@@ -237,16 +237,16 @@ function listenWebSocket(server, httpServer) { ...@@ -237,16 +237,16 @@ function listenWebSocket(server, httpServer) {
// Broadcast block // Broadcast block
if (data.joiners) { if (data.joiners) {
currentBlock = data; currentBlock = data;
wssBlock.broadcast(JSON.stringify(currentBlock)); wssBlock.broadcast(JSON.stringify(sanitize(currentBlock, dtos.Block)));
} }
// Broadcast peer // Broadcast peer
if (data.endpoints) { if (data.endpoints) {
wssPeer.broadcast(JSON.stringify(data)); wssPeer.broadcast(JSON.stringify(sanitize(data, dtos.Peer)));
} }
})); }));
return co(function *() { return co(function *() {
currentBlock = yield server.dal.getCurrent(); currentBlock = yield server.dal.getCurrent();
wssBlock.broadcast(JSON.stringify(currentBlock)); wssBlock.broadcast(JSON.stringify(sanitize(currentBlock, dtos.Block)));
}); });
} }
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment