mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-04-25 01:46:14 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 9
etherpad-lite/src/node/handler
History
Richard Braakman e4841212a6 USERINFO_UPDATE: construct a new message for broadcast 
The server was reusing the client's message when broadcasting userinfo
updates. This would allow a malicious client to insert arbitrary fields
into a message that the other clients would trust as coming from the
server. For example, adding "disconnect" or renaming other authors.

This commit fixes it by having the server construct a new message with
known fields before broadcasting.
2012-10-11 17:29:29 +02:00
..
APIHandler.js Add listAllGroups API endpoint 2012-09-17 23:03:56 +02:00
ExportHandler.js The Big Renaming - etherpad is now an NPM module 2012-02-26 13:07:51 +01:00
ImportHandler.js You can't use $ if no jQuery is available.. Apologies for so much spam on this issue, this finally resolves #594 2012-05-23 01:01:50 +02:00
PadMessageHandler.js USERINFO_UPDATE: construct a new message for broadcast 2012-10-11 17:29:29 +02:00
SocketIORouter.js The Big Renaming - etherpad is now an NPM module 2012-02-26 13:07:51 +01:00