From b73f18419b27255942491f9839fc882601951782 Mon Sep 17 00:00:00 2001
From: lebaudantoine <lebaud.antoine131@gmail.com>
Date: Mon, 3 Mar 2025 23:59:42 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F(frontend)=20add=20HSL=20c?=
 =?UTF-8?q?olor=20format=20validation=20in=20metadata?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Implement regex validation for HSL color format in notification metadata.
Ensures only properly formatted color values are accepted, preventing
potential injection or rendering issues from malformed color strings.
---
 .../rooms/utils/getParticipantColor.ts        | 45 +++++++++++++++----
 1 file changed, 37 insertions(+), 8 deletions(-)

diff --git a/src/frontend/src/features/rooms/utils/getParticipantColor.ts b/src/frontend/src/features/rooms/utils/getParticipantColor.ts
index f6c677d7..b58d43be 100644
--- a/src/frontend/src/features/rooms/utils/getParticipantColor.ts
+++ b/src/frontend/src/features/rooms/utils/getParticipantColor.ts
@@ -1,11 +1,40 @@
 import { Participant } from 'livekit-client'
 
-export const getParticipantColor = (
-  participant: Participant
-): undefined | string => {
-  const { metadata } = participant
-  if (!metadata) {
-    return
-  }
-  return JSON.parse(metadata)['color']
+const DEFAULT_COLOR = 'rgb(87, 44, 216)'
+
+const HSL_REGEX =
+  /^hsl\(([0-9]|[1-9][0-9]|[1-2][0-9][0-9]|3[0-5][0-9]|360),\s*([5-7][0-9]|50|75)%,\s*([2-5][0-9]|60)%\)$/
+
+function isValidHsl(colorString: string) {
+  return HSL_REGEX.test(colorString)
+}
+
+export const getParticipantColor = (participant: Participant): string => {
+  const { metadata } = participant
+
+  if (!metadata) {
+    return DEFAULT_COLOR
+  }
+
+  let parsedMetadata: unknown
+
+  try {
+    parsedMetadata = JSON.parse(metadata)
+  } catch (error) {
+    console.error('Invalid JSON in participant metadata:', error)
+    return DEFAULT_COLOR
+  }
+
+  if (!parsedMetadata || typeof parsedMetadata !== 'object') {
+    return DEFAULT_COLOR
+  }
+
+  const colorValue = (parsedMetadata as Record<string, unknown>)['color']
+
+  if (typeof colorValue !== 'string' || !isValidHsl(colorValue)) {
+    console.error('Invalid color value:', colorValue)
+    return DEFAULT_COLOR
+  }
+
+  return colorValue
 }