🆙 Camera Security fix / small fix for beds

- Validate data URL format (must start with data:image/png)
- Validate PNG magic bytes on binary data before sending
- Enforce 2MB size limit matching server
- Add try/catch around atob() to handle invalid base64 gracefully
- Fix XSS vulnerability in editor download: replace unsafe window.open()+document.write()
  with safe anchor-based download that also validates data URL scheme
duckietm
2026-03-18 09:21:36 +01:00
parent 19857075c0
commit 1162ff84cc
3 changed files with 64 additions and 9 deletions
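The client-side checks listed in the commit message (data URL scheme, base64 decoding under try/catch, PNG magic bytes, the 2 MB limit, and an anchor-based download in place of window.open()+document.write()), written out as one added JavaScript example. This is not code from the commit or from the project; the names validatePngDataUrl and buildDownloadAnchor, the exact `data:image/png;base64` header requirement, the pre-decode length bound and the sample data URL are assumptions made for the example.

```javascript
// Added example, not the project's code. Validates a PNG data URL on the
// client before it is sent or offered for download. All names below are
// assumptions for illustration.

const MAX_PNG_BYTES = 2 * 1024 * 1024; // 2 MB, assumed to match the server limit
// Base64 encodes 3 bytes as 4 chars, so this is the longest payload a 2 MB file can have.
const MAX_B64_CHARS = Math.ceil(MAX_PNG_BYTES / 3) * 4;
const PNG_MAGIC = [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]; // \x89PNG\r\n\x1a\n

function validatePngDataUrl(dataUrl) {
  if (typeof dataUrl !== 'string') return { ok: false, reason: 'not a string' };
  const comma = dataUrl.indexOf(',');
  if (comma === -1) return { ok: false, reason: 'missing payload separator' };
  // Require the exact header; a bare startsWith('data:image/png') would also
  // accept 'data:image/pngfoo' or a non-base64 (percent-encoded) payload.
  if (dataUrl.slice(0, comma) !== 'data:image/png;base64') {
    return { ok: false, reason: 'not a data:image/png;base64 URL' };
  }
  const payload = dataUrl.slice(comma + 1);
  // Enforce the size limit on the encoded text first, so an oversized string
  // is rejected before atob() allocates the decoded copy.
  if (payload.length > MAX_B64_CHARS) return { ok: false, reason: 'exceeds 2 MB limit' };
  let binary;
  try {
    binary = atob(payload); // throws on characters outside the base64 alphabet
  } catch (e) {
    return { ok: false, reason: 'invalid base64' };
  }
  if (binary.length > MAX_PNG_BYTES) return { ok: false, reason: 'exceeds 2 MB limit' };
  if (binary.length < PNG_MAGIC.length) return { ok: false, reason: 'too short to be a PNG' };
  for (let i = 0; i < PNG_MAGIC.length; i++) {
    if (binary.charCodeAt(i) !== PNG_MAGIC[i]) {
      return { ok: false, reason: 'PNG magic bytes mismatch' };
    }
  }
  return { ok: true, bytes: Uint8Array.from(binary, c => c.charCodeAt(0)) };
}

// Download via an <a download> element instead of window.open()+document.write():
// the data URL is only ever used as an href, never written into a document as markup.
function buildDownloadAnchor(dataUrl, filename, doc = document) {
  const check = validatePngDataUrl(dataUrl);
  if (!check.ok) throw new Error('refusing to download: ' + check.reason);
  const a = doc.createElement('a');
  a.href = dataUrl;
  a.download = filename;
  return a; // caller appends it, calls a.click(), then removes it
}

// Constructed sample: PNG signature followed by the start of an IHDR chunk
// (not a complete, decodable image; enough to exercise the checks above).
const SAMPLE_PNG_DATA_URL = 'data:image/png;base64,' +
  btoa(String.fromCharCode(...PNG_MAGIC, 0, 0, 0, 13, 0x49, 0x48, 0x44, 0x52));
```

The encoded-length bound is the one check worth keeping even if the server re-validates: atob() on a multi-megabyte string is the costly step, and rejecting on `payload.length` first means a hostile caller cannot make the client decode something the server would refuse anyway.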
@@ -30,7 +30,7 @@ export class AvatarVisualization extends RoomObjectSpriteVisualization implement
private static BASE_Y_SCALE: number = 1000;
private static AVATAR_SPRITE_DEFAULT_DEPTH: number = -0.01;
private static AVATAR_OWN_DEPTH_ADJUST: number = 0.001;
private static AVATAR_SPRITE_LAYING_DEPTH: number = 0.2;
private static AVATAR_SPRITE_LAYING_DEPTH: number = 0.002;
protected _data: AvatarVisualizationData;
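Review bot: the change to AVATAR_SPRITE_LAYING_DEPTH on the last pair of changed lines (0.2 to 0.002) is not covered by any bullet in the commit message, which only mentions "small fix for beds" in the title, and the new value carries no comment. Since the neighbouring constants AVATAR_SPRITE_DEFAULT_DEPTH (-0.01) and AVATAR_OWN_DEPTH_ADJUST (0.001) are on the same order, a reader cannot tell from the hunk whether 0.002 is intentional or a typo for 0.02; add a one-line comment stating what the laying depth has to stay below or above, and a bullet in the commit message naming the change.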