fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array

This commit is contained in:
Laura Hausmann 2024-10-24 04:18:49 +02:00 committed by Julia Johannesen
parent b74e2e9167
commit 4d925fc086
No known key found for this signature in database
GPG Key ID: 4A1377AF3E7FBC46

View File

@ -426,6 +426,9 @@ export class ApInboxService {
return 'skip: host in actor.uri !== note.id'; return 'skip: host in actor.uri !== note.id';
} }
} }
else {
return 'skip: note.id is not a string'
}
} }
const unlock = await this.appLockService.getApLock(uri); const unlock = await this.appLockService.getApLock(uri);