imterah/element-portable
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use data:// URI rather than blob: URI to avoid XSS

Browse source
This commit is contained in:
Mark Haines 2016-11-04 15:39:39 +00:00
parent b69e88d4e3
commit ee1768f644
5 changed files with 37 additions and 59 deletions
Download patch file Download diff file Expand all files Collapse all files

25
src/components/views/messages/MVideoBody.js
View file

@ -88,21 +88,13 @@ module.exports = React.createClass({
content.info.thumbnail_file
);
}
thumbnailPromise.then(function(thumbnailBlob) {
thumbnailPromise.then(function(thumbnailUrl) {
DecryptFile.decryptFile(
content.file
).then(function(contentBlob) {
if (self._unmounted) {
return;
}
var contentUrl = window.URL.createObjectURL(contentBlob);
var thumbUrl = null;
if (thumbnailBlob) {
thumbUrl = window.URL.createObjectURL(thumbnailBlob);
}
).then(function(contentUrl) {
self.setState({
decryptedUrl: contentUrl,
decryptedThumbnailUrl: thumbUrl,
decryptedThumbnailUrl: thumbnailUrl,
});
});
}).catch(function (err) {
@ -113,17 +105,6 @@ module.exports = React.createClass({
}
},
componentWillUnmount: function() {
this._unmounted = true;
if (this.state.decryptedUrl) {
window.URL.revokeObjectURL(this.state.decryptedUrl);
}
if (this.state.decryptedThumbnailUrl) {
window.URL.revokeObjectURL(this.state.decryptedThumbnailUrl);
}
},
render: function() {
var content = this.props.mxEvent.getContent();