Fix XSS vulnerability by validating user input stream URL.

(cherry picked from commit 4a303bd)
video-dev · Jul 3, 2024 · 1c8f055 · 1c8f055
1 parent 7d2a971
commit 1c8f055
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/demo/main.js b/demo/main.js
@@ -303,6 +303,17 @@ function loadSelectedStream() {
 
   url = $('#streamURL').val();
 
+  // Check if the URL is valid to avoid XSS issue.
+  if (url) {
+    try {
+      new URL(url);
+    } catch (error) {
+      $('#streamURL').val('');
+      alert('Invalid URL');
+      return false;
+    }
+  }
+
   setupGlobals();
   hideCanvas();