Skip to content

Commit

Permalink
vulnerabilidad bug
Browse files Browse the repository at this point in the history
  • Loading branch information
ndmedeiros committed Apr 7, 2024
1 parent 4eb3579 commit 62044ae
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 2 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## [Unrelease]
### Changed
- Se verifica una URL sacando la vulnerabilidade de injeción de HTML

## [1.56.2] - 2023-07-10
### Fixed
- Se revierten cambios de LoyaltyCongrats para agilizar otros desarrollos
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,10 @@ class MLBusinessLiveImagesWebView: UIView {
}

func loadImage(from url: String) {
guard let urlString = URL(string: url) else {
return
}

let html = """
<html>
<style>
Expand Down Expand Up @@ -91,7 +95,7 @@ class MLBusinessLiveImagesWebView: UIView {
</html>
"""

let imageDataString = "data:image/webp;base64, \(url)"
let imageDataString = "data:image/webp;base64, \(urlString)"

let s = html.replacingOccurrences(of: "[URL]", with: imageDataString)
webview.loadHTMLString(s, baseURL: nil)
Expand All @@ -109,4 +113,3 @@ extension MLBusinessLiveImagesWebView: WKNavigationDelegate {
imageAnimationManager?.changeState(to: .readyToPlay)
}
}

0 comments on commit 62044ae

Please sign in to comment.