Commit 600f98af authored by JC Brand's avatar JC Brand

Attempt to mitigate against performance degrading attacks.

parent 55aa98be
...@@ -139,11 +139,15 @@ ...@@ -139,11 +139,15 @@
this.$content.find('div.chat-event').remove(); this.$content.find('div.chat-event').remove();
}, },
showStatusNotification: function (message, keep_old) { showStatusNotification: function (message, keep_old, permanent) {
if (!keep_old) { if (!keep_old) {
this.clearStatusNotification(); this.clearStatusNotification();
} }
this.$content.append($('<div class="chat-info chat-event"></div>').text(message)); var $el = $('<div class="chat-info"></div>').text(message);
if (!permanent) {
$el.addClass('chat-event');
}
this.$content.append($el);
this.scrollDown(); this.scrollDown();
}, },
...@@ -292,6 +296,14 @@ ...@@ -292,6 +296,14 @@
// are mentioned. // are mentioned.
extra_classes += ' mentioned'; extra_classes += ' mentioned';
} }
if (text.length > 8000) {
text = text.substring(0, 10) + '...';
this.showStatusNotification(
__("A very large message has been received."+
"This might be due to an attack meant to degrade the chat performance."+
"Output has been shortened."),
true, true);
}
return $(template( return $(template(
_.extend(this.getExtraMessageTemplateAttributes(attrs), { _.extend(this.getExtraMessageTemplateAttributes(attrs), {
'msgid': attrs.msgid, 'msgid': attrs.msgid,
......
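Review bot: The three string literals passed to `__()` in the new length check are joined without separating spaces, so the notice renders as "...received.This might...performance.Output..."; end the first two with a space, e.g. `"A very large message has been received. "+`. The check also sits after the mention handling visible in the context lines, so any work done earlier in this function has already run on the full-length text. The function starts outside the hunk, so this needs confirming, but testing the length before any other processing would bound that cost. Because the notice is shown with `keep_old` and `permanent` both true, every oversized message appends another line that `clearStatusNotification` will not remove, so consider showing it only once per chat box. The literals `8000` and `10` would also read better as named constants with a comment explaining how they were chosen.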