From 62044ae63393e67d70a7a0dfb2c884800f93b700 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Medeiros=20da=20Silva?=
 <andre.amedeiros@mercadolivre.com>
Date: Sun, 7 Apr 2024 13:29:42 -0300
Subject: [PATCH] vulnerabilidad bug

---
 CHANGELOG.md                                               | 4 ++++
 .../LiveImages/MLBusinessLiveImagesWebView.swift           | 7 +++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 64fbf009..a094b831 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## [Unrelease] 
+### Changed
+- Se verifica una URL sacando la vulnerabilidade de injeción de HTML
+
 ## [1.56.2] - 2023-07-10
 ### Fixed
 - Se revierten cambios de LoyaltyCongrats para agilizar otros desarrollos
diff --git a/Source/Components/Touchpoints/LiveImages/MLBusinessLiveImagesWebView.swift b/Source/Components/Touchpoints/LiveImages/MLBusinessLiveImagesWebView.swift
index 317c6ad6..76db8584 100644
--- a/Source/Components/Touchpoints/LiveImages/MLBusinessLiveImagesWebView.swift
+++ b/Source/Components/Touchpoints/LiveImages/MLBusinessLiveImagesWebView.swift
@@ -50,6 +50,10 @@ class MLBusinessLiveImagesWebView: UIView {
     }
         
     func loadImage(from url: String) {
+        guard let urlString = URL(string: url) else {
+            return
+        }
+        
         let html = """
         <html>
         <style>
@@ -91,7 +95,7 @@ class MLBusinessLiveImagesWebView: UIView {
         </html>
         """
         
-        let imageDataString = "data:image/webp;base64, \(url)"
+        let imageDataString = "data:image/webp;base64, \(urlString)"
 
         let s = html.replacingOccurrences(of: "[URL]", with: imageDataString)
         webview.loadHTMLString(s, baseURL: nil)
@@ -109,4 +113,3 @@ extension MLBusinessLiveImagesWebView: WKNavigationDelegate {
         imageAnimationManager?.changeState(to: .readyToPlay)
     }
 }
-