matrix-public-archive

History

Eric Eastwood f796afe55e Sanity check that we are not leaking the access token to the client (#82 ) This isn't spawning from any previous security issue. Just adding an extra check to help ensure we don't ever regress this in the future. ``` AssertionError [ERR_ASSERTION]: We should not be leaking the `config.matrixAccessToken` to the Hydrogen render function because this will reach the client! at renderHydrogenToString (matrix-public-archive\server\hydrogen-render\render-hydrogen-to-string.js:24:3) at renderHydrogenVmRenderScriptToPageHtml (matrix-public-archive\server\hydrogen-render\render-hydrogen-vm-render-script-to-page-html.js:22:36) at matrix-public-archive\server\routes\room-directory-routes.js:53:28 at processTicksAndRejections (node:internal/process/task_queues:96:5) ```		2022-10-18 02:40:40 -05:00
..
render-hydrogen-to-string-unsafe.js	Fix XSS when blatting `window.matrixPublicArchiveContext` to the page (#79 )	2022-10-13 14:36:04 -05:00
render-hydrogen-to-string.js	Sanity check that we are not leaking the access token to the client (#82 )	2022-10-18 02:40:40 -05:00
render-hydrogen-vm-render-script-to-page-html.js	Show surrounding messages for a full screen of content (#71 )	2022-09-20 16:02:09 -05:00