matrix/matrix-react-sdk
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-react-sdk.git synced 2025-11-04 11:51:45 +03:00
Code Activity

Use data:// URI rather than blob: URI to avoid XSS

Browse Source
This commit is contained in:
Mark Haines
2016-11-04 15:39:39 +00:00
parent b69e88d4e3
commit ee1768f644
5 changed files with 37 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/components/views/messages/MFileBody.js
View File

@@ -22,6 +22,7 @@ var MatrixClientPeg = require('../../../MatrixClientPeg');
var sdk = require('../../../index');
var DecryptFile = require('../../../utils/DecryptFile');
module.exports = React.createClass({
displayName: 'MFileBody',
@@ -66,12 +67,10 @@ module.exports = React.createClass({
var content = this.props.mxEvent.getContent();
var self = this;
if (content.file !== undefined && this.state.decryptedUrl === null) {
DecryptFile.decryptFile(content.file).then(function(blob) {
if (!self._unmounted) {
self.setState({
decryptedUrl: window.URL.createObjectURL(blob),
});
}
DecryptFile.decryptFile(content.file).then(function(url) {
self.setState({
decryptedUrl: url,
});
}).catch(function (err) {
console.warn("Unable to decrypt attachment: ", err)
// Set a placeholder image when we can't decrypt the image.
@@ -80,13 +79,6 @@ module.exports = React.createClass({
}
},
componentWillUnmount: function() {
this._unmounted = true;
if (this.state.decryptedUrl) {
window.URL.revokeObjectURL(this.state.decryptedUrl);
}
},
render: function() {
var content = this.props.mxEvent.getContent();