🆙 Camera Security fix / small fix for beds

- Validate data URL format (must start with data:image/png)
- Validate PNG magic bytes on binary data before sending
- Enforce 2MB size limit matching server
- Add try/catch around atob() to handle invalid base64 gracefully
- Fix XSS vulnerability in editor download: replace unsafe window.open()+document.write()
  with safe anchor-based download that also validates data URL scheme
duckietm
2026-03-18 09:21:36 +01:00
parent 19857075c0
commit 1162ff84cc
3 changed files with 64 additions and 9 deletions
@@ -3,7 +3,7 @@ import { GetAssetManager } from '@nitrots/assets';
import { GetConfiguration } from '@nitrots/configuration';
import { GetEventDispatcher, RoomCameraWidgetManagerEvent } from '@nitrots/events';
import { TextureUtils } from '@nitrots/utils';
import { BLEND_MODES, ColorMatrix, ColorMatrixFilter, Container, Filter, Sprite, Texture } from 'pixi.js';
import { BLEND_MODES, ColorMatrix, ColorMatrixFilter, Container, Filter, RenderTexture, Sprite, Texture } from 'pixi.js';
import { RoomCameraWidgetEffect } from './RoomCameraWidgetEffect';
const COLOR_MATRIX_OFFSET_INDICES = [4, 9, 14, 19] as const;
@@ -112,7 +112,12 @@ export class RoomCameraWidgetManager implements IRoomCameraWidgetManager
container.filters = filters;
return await TextureUtils.generateImage(container);
const resolution = texture.source.resolution || 1;
const renderTexture = RenderTexture.create({ width: texture.width, height: texture.height, resolution });
TextureUtils.writeToTexture(container, renderTexture);
return await TextureUtils.generateImage(renderTexture);
}
public get effects(): Map<string, IRoomCameraWidgetEffect>
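Review bot: The texture returned by `RenderTexture.create(...)` is not released anywhere in the visible lines; the method returns straight after `TextureUtils.generateImage(renderTexture)`. Unless `generateImage` destroys its argument (its body is not shown here), every effect application would leave one texture-sized GPU allocation behind, and this path presumably runs repeatedly while the camera editor is open. Consider releasing it on both the success and the error path: `try { return await TextureUtils.generateImage(renderTexture); } finally { renderTexture.destroy(true); }`. The method starts above the hunk, so where `texture` and `filters` come from cannot be checked from here.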