imterah/element-portable
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

switch back to blob urls for rendering e2e attachments

Browse source 
Based on @walle303's work at https://github.com/matrix-org/matrix-react-sdk/pull/1820
Deliberately reverts 8f778f54fd
Mitigates XSS by whitelisting the mime-types of the attachments so that malicious ones
should not be recognised and executed by the browser.
This commit is contained in:
Matthew Hodgson 2018-04-29 03:07:31 +01:00
parent 773437b049
commit 9701fd32b7
4 changed files with 73 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/components/views/messages/MAudioBody.js
View file

@ -20,7 +20,7 @@ import React from 'react';
import MFileBody from './MFileBody';
import MatrixClientPeg from '../../../MatrixClientPeg';
import { decryptFile, readBlobAsDataUri } from '../../../utils/DecryptFile';
import { decryptFile } from '../../../utils/DecryptFile';
import { _t } from '../../../languageHandler';
export default class MAudioBody extends React.Component {
@ -54,7 +54,7 @@ export default class MAudioBody extends React.Component {
let decryptedBlob;
decryptFile(content.file).then(function(blob) {
decryptedBlob = blob;
return readBlobAsDataUri(decryptedBlob);
return URL.createObjectURL(decryptedBlob);
}).done((url) => {
this.setState({
decryptedUrl: url,