Add Admin Code 25 : XSS Message As Server (why?)

computernewb / collabvm-1.2.ts

CVM1 clone in TypeScript since cvm1.2.11 decided to nuclear explode

GNU General Public License v3.0

9 stars 17 forks source link

Closed NonameVM closed 5 months ago

NonameVM commented 5 months ago

Added the ability to send messages from the server name (without username), with XSS. Accepts 1 string argument : message text test

elijahr2411 commented 5 months ago

switch (msgArr[2]) {
    case msgArr[2]:
        this.clients.forEach(c => c.sendMsg(guacutils.encode("chat", "", msgArr[2])));
    break;

}

I'm curious why you've used a single-case switch statement here?

NonameVM commented 5 months ago

I don't know how to write code competently yet, I'm just learning ts.

NonameVM commented 5 months ago

One problem : raw js scripts don't work 111

NonameVM commented 5 months ago

I forgot to add that "little detail" since I was only doing it for myself

elijahr2411 commented 5 months ago

That's most likely something to do with your webapp, I'm not sure exactly which webapp version you're using and it appears to be some custom one.

elijahr2411 commented 5 months ago

All seems good, works fine in testing

NonameVM commented 5 months ago

this web application before i18n was added.

NonameVM commented 5 months ago

thanks