studio/meet
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔒️(frontend) fix an XSS vulnerability on the recording page

Browse Source 
An XSS vulnerability was identified by an open-source contributor. While the
impact was limited, only a room owner could inject the content and then view the
recording page, it is important to address, especially before introducing
multi-owner support.
This commit is contained in:
lebaudantoine
2026-01-27 12:21:37 +01:00
committed by aleb_the_flash
parent 60d1338eff
commit 8f710a4626
6 changed files with 14 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@@ -8,6 +8,10 @@ and this project adheres to
## [Unreleased] ## [Unreleased]
### Fixed
- 🔒️(frontend) fix an XSS vulnerability on the recording page #911
## [1.4.0] - 2026-01-25 ## [1.4.0] - 2026-01-25
### Added ### Added

14
src/frontend/src/features/recording/routes/RecordingDownload.tsx
View File

@@ -104,14 +104,12 @@ export const RecordingDownload = () => {
{t('success.title')} {t('success.title')}
</H> </H>
<Text centered margin="md" wrap={'balance'}> <Text centered margin="md" wrap={'balance'}>
<span <span>
dangerouslySetInnerHTML={{ {t('success.body', {
__html: t('success.body', { room: data.room.name,
room: data.room.name, created_at: formatDate(data.created_at, 'YYYY-MM-DD HH:mm'),
created_at: formatDate(data.created_at, 'YYYY-MM-DD HH:mm'), })}
}), </span>
}}
/>
<span> <span>
{configData?.recording?.expiration_days && ( {configData?.recording?.expiration_days && (
<> <>

2
src/frontend/src/locales/de/recording.json
View File

@@ -17,7 +17,7 @@
}, },
"success": { "success": {
"title": "Ihre Aufzeichnung ist bereit!", "title": "Ihre Aufzeichnung ist bereit!",
"body": "Aufzeichnung des Treffens <b>{{room}}</b> vom {{created_at}}.", "body": "Aufzeichnung des Treffens {{room}} vom {{created_at}}.",
"expiration": "Achtung, diese Aufzeichnung wird nach {{expiration_days}} Tag(en) gelöscht.", "expiration": "Achtung, diese Aufzeichnung wird nach {{expiration_days}} Tag(en) gelöscht.",
"button": "Herunterladen", "button": "Herunterladen",
"warning": { "warning": {

2
src/frontend/src/locales/en/recording.json
View File

@@ -17,7 +17,7 @@
}, },
"success": { "success": {
"title": "Your recording is ready!", "title": "Your recording is ready!",
"body": "Recording of the meeting <b>{{room}}</b> from {{created_at}}.", "body": "Recording of the meeting {{room}} from {{created_at}}.",
"expiration": "Attention, this recording will expire after {{expiration_days}} day(s).", "expiration": "Attention, this recording will expire after {{expiration_days}} day(s).",
"button": "Download", "button": "Download",
"warning": { "warning": {

2
src/frontend/src/locales/fr/recording.json
View File

@@ -17,7 +17,7 @@
}, },
"success": { "success": {
"title": "Votre enregistrement est prêt !", "title": "Votre enregistrement est prêt !",
"body": "Enregistrement de la réunion <b>{{room}}</b> du {{created_at}}.", "body": "Enregistrement de la réunion {{room}} du {{created_at}}.",
"expiration": "Attention cet enregistrement expirera au bout de {{expiration_days}} jour(s).", "expiration": "Attention cet enregistrement expirera au bout de {{expiration_days}} jour(s).",
"button": "Télécharger", "button": "Télécharger",
"warning": { "warning": {

2
src/frontend/src/locales/nl/recording.json
View File

@@ -17,7 +17,7 @@
}, },
"success": { "success": {
"title": "Je opname is klaar!", "title": "Je opname is klaar!",
"body": "Opname van de vergadering <b>{{room}}</b> op {{created_at}}.", "body": "Opname van de vergadering {{room}} op {{created_at}}.",
"expiration": "Let op, deze opname verloopt na {{expiration_days}} dag(en).", "expiration": "Let op, deze opname verloopt na {{expiration_days}} dag(en).",
"button": "Downloaden", "button": "Downloaden",
"warning": { "warning": {