Skip to content
Snippets Groups Projects

WS2P: prevent JSON injection

    • Open Issue created by Cédric Moreau @c-geek

    WS2P parses received JSON. We need to take a big care on the received JSON because it could carry invalid content.

    To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

    Child items 0

    • No child items are currently assigned. Use child items to break down this issue into smaller parts.

    Activity

    • Cédric Moreau
      Cédric Moreau @c-geek ·
      Author Owner

      The current message handler which is in WS2PServerMessageHandler.ts seems safe enough because it transforms JSON to string Protocol representation and back to JSON, which makes the variables safe as a resulting JS object parsed from a string.

      However it should be checked with deeper tests that these transformations are safe as well.

    Please register or sign in to reply