moose-team / friends

:tv: P2P chat powered by the web.
http://moose-team.github.io/friends/
MIT License

Potential remote arbitrary code execution #172

Open freetom opened 7 years ago

freetom commented 7 years ago

Hi, I noted that here the message is used directly to set the innerHTML of a DOM element without HTML sanitization. When rendered, the element will trigger an XSS injection, which in Electron implies arbitrary JS code execution (shell commands, etc.).

I said "potential" because I am not able to test the chat with anyone. We tried with 2 boxes on the same network, but apart from the "1 peer connected" status message we found no way to chat :(
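The pattern the issue describes, as an added example that is not code from the friends project or from the reporter: a peer-controlled message assigned to `innerHTML`, beside the same message stored as text. The element stand-in (`fakeElement`), the helper names (`renderMessageUnsafe`, `renderMessageSafe`, `hasExecutableMarkup`) and the chat message payload are all constructed here so the example runs under Node without a browser; the `textContent` behaviour it models is the standard DOM one (a text node serialises back out of `innerHTML` escaped).

```javascript
// Added example, not code from the friends project. The chat message below is
// constructed for illustration; fakeElement() is a stand-in for a DOM element.

function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Minimal DOM-element stand-in so this runs under Node. Like a real element:
// assigning innerHTML stores markup as-is (the browser would parse and run it),
// assigning textContent stores a text node, which innerHTML serialises escaped.
function fakeElement() {
  return {
    _html: '',
    set innerHTML(v) { this._html = String(v); },
    get innerHTML() { return this._html; },
    set textContent(v) { this._html = escapeHtml(v); },
  };
}

// The pattern reported in the issue: peer-supplied text goes straight into innerHTML.
function renderMessageUnsafe(el, message) {
  el.innerHTML = message;
  return el.innerHTML;
}

// The fix: treat the message as text, so any markup in it is displayed, not parsed.
function renderMessageSafe(el, message) {
  el.textContent = message;
  return el.innerHTML;
}

// Crude check for markup a browser would execute. Good enough to show the
// difference in a test; not a substitute for a real sanitizer such as DOMPurify.
function hasExecutableMarkup(html) {
  return /<script\b|<\w+[^>]*\son[a-z]+\s*=|javascript:/i.test(html);
}

// Constructed payload: the handler runs as soon as the image fails to load.
// In an Electron renderer with Node integration enabled, that handler runs with
// the same privileges the issue describes (it could reach require()).
const payload = '<img src=x onerror="alert(1)">';

console.log('unsafe:', renderMessageUnsafe(fakeElement(), payload));
console.log('safe:  ', renderMessageSafe(fakeElement(), payload));
```

In a real renderer the change is the one-line swap from `innerHTML` to `textContent` (or a sanitizer if rich markup is actually wanted); turning off Node integration and adding a Content-Security-Policy limit the blast radius of any rendering bug that remains, but do not replace the fix.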