Sanitize notification before processing it

pushbits / server

A simple server for push notifications via Matrix (and a minimalistic alternative to Pushover and Gotify) 🚀📯

https://www.pushbits.io

ISC License

314 stars 18 forks source link

Sanitize notification before processing it #42

Closed eikendev closed 2 years ago

eikendev commented 2 years ago

The ID and UrlEncodedID fields were not sanitized before passing the notification to SendNotification(). It's not a problem now, but I think we should be careful with implicit input.