Attempt to mitigate against performance degrading attacks.

2016-09-12 13:12:14 +02:00 · 2016-09-12 13:12:14 +02:00 · 600f98afcb
commit 600f98afcb
parent 55aa98be0a
1 changed files with 14 additions and 2 deletions
--- a/src/converse-chatview.js
+++ b/src/converse-chatview.js
@ -139,11 +139,15 @@
                    this.$content.find('div.chat-event').remove();
                },

-                showStatusNotification: function (message, keep_old) {
+                showStatusNotification: function (message, keep_old, permanent) {
                    if (!keep_old) {
                        this.clearStatusNotification();
                    }
-                    this.$content.append($('<div class="chat-info chat-event"></div>').text(message));
+                    var $el = $('<div class="chat-info"></div>').text(message);
+                    if (!permanent) {
+                        $el.addClass('chat-event');
+                    }
+                    this.$content.append($el);
                    this.scrollDown();
                },

@ -292,6 +296,14 @@
                        // are mentioned.
                        extra_classes += ' mentioned';
                    }
+                    if (text.length > 8000) {
+                        text = text.substring(0, 10) + '...';
+                        this.showStatusNotification(
+                            __("A very large message has been received."+
+                               "This might be due to an attack meant to degrade the chat performance."+
+                               "Output has been shortened."),
+                            true, true);
+                    }
                    return $(template(
                            _.extend(this.getExtraMessageTemplateAttributes(attrs), {
                                'msgid': attrs.msgid,