mirror of
https://github.com/streamyfin/streamyfin.git
synced 2026-01-16 08:08:18 +00:00
Sanitize WebSocket messages before logging to prevent log injection attacks.

User-controlled data from WebSocket messages could contain newline characters that allow forging fake log entries.

Changes:
- Convert message object to JSON string and remove newlines/carriage returns
- Use format specifier (%s) for safe string interpolation
- Applied fix to providers/WebSocketProvider.tsx and hooks/useWebsockets.ts

Resolves CodeQL security alert js/log-injection

Co-authored-by: GitHub Copilot Autofix <noreply@github.com>
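
The fix described in the commit message above, as an added example that is not code from the repository: it compares a log line built from raw WebSocket text with one built from the serialized, newline-stripped form, and logs through a constant `%s` format string. The function names, the log prefix and the sample frame are assumptions constructed for illustration.

```javascript
// Added example; every name below is hypothetical, not taken from the repository.

// Constructed WebSocket frame: the sender-controlled text carries CR/LF
// followed by something shaped like one of the application's own log lines.
const constructedFrame =
  'KeepAlive\r\n[2026-01-16T08:00:00Z] INFO WebSocket authenticated user=admin';

// Unsafe pattern: raw message text concatenated into the log line.
function unsafeLogLine(data) {
  return '[ws] message received: ' + data;
}

// Hardened pattern: serialize, then strip line breaks from the result.
function sanitizeForLog(message) {
  let text;
  try {
    // JSON.stringify escapes control characters inside string values.
    text = JSON.stringify(message);
  } catch (err) {
    // Circular structures and BigInt values make JSON.stringify throw.
    text = String(message);
  }
  // JSON.stringify(undefined) returns undefined rather than a string.
  if (typeof text !== 'string') text = String(message);
  // Strip any line breaks that remain. U+2028/U+2029 are an addition here,
  // beyond the CR/LF that the commit message names.
  return text.replace(/[\r\n\u2028\u2029]/g, '');
}

function safeLogLine(message) {
  return '[ws] message received: ' + sanitizeForLog(message);
}

// Number of entries a line-oriented log reader would see in logText.
function countEntries(logText) {
  return logText.split(/\r\n|\r|\n/).length;
}

// Constant format string: the message is only ever an argument, so a "%s"
// or "%d" inside it is never interpreted as a format directive.
function logMessage(message) {
  console.log('[ws] message received: %s', sanitizeForLog(message));
}

logMessage(constructedFrame);
```
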