On line 1072, data is declared as:
const data = `Recording in ${SendAudioUtil.getChannelName(type)} (${SendAudioUtil.getGuildName(type)})`;
And the getChannelName / getGuildName does not sanitize the name.
data is used to create the SendAudioUtil panel and is not sanitized either.
If you want to test this, you can rename a guild or channel to <img src=x onerror=alert(1)> and click the record button.
MKSx
commented
4 years ago
Issue
On line 1072,
datais declared as:const data = `Recording in ${SendAudioUtil.getChannelName(type)} (${SendAudioUtil.getGuildName(type)})`;And thegetChannelName/getGuildNamedoes not sanitize the name.datais used to create theSendAudioUtilpanel and is not sanitized either. If you want to test this, you can rename a guild or channel to<img src=x onerror=alert(1)>and click the record button.Result: