[mirotalk] - fix hyperlinks in the chat

Author: miroslavpejic85

app/src/server.js

@@ -45,7 +45,7 @@ dependencies: {
  * @license For commercial use or closed source, contact us at [email protected] or purchase directly from CodeCanyon
  * @license CodeCanyon: https://codecanyon.net/item/mirotalk-p2p-webrtc-realtime-video-conferences/38376661
  * @author  Miroslav Pejic - [email protected]
- * @version 1.5.08
+ * @version 1.5.09
  *
  */
 

app/src/xss.js

@@ -14,7 +14,7 @@ const log = new Logger('Xss');
 // Configure DOMPurify
 purify.setConfig({
     ALLOWED_TAGS: ['a', 'img', 'div', 'span', 'svg', 'g', 'p'], // Allow specific tags
-    ALLOWED_ATTR: ['href', 'src', 'title', 'id', 'class', 'target'], // Allow specific attributes
+    ALLOWED_ATTR: ['href', 'src', 'title', 'id', 'class', 'target', 'width', 'height'], // Allow specific attributes
     ALLOWED_URI_REGEXP: /^(?!data:|javascript:|vbscript:|file:|view-source:).*/, // Disallow dangerous URIs
 });
 

package.json

@@ -1,6 +1,6 @@
 {
     "name": "mirotalk",
-    "version": "1.5.08",
+    "version": "1.5.09",
     "description": "A free WebRTC browser-based video call",
     "main": "server.js",
     "scripts": {
@@ -43,7 +43,7 @@
     "dependencies": {
         "@mattermost/client": "10.7.0",
         "@ngrok/ngrok": "1.5.1",
-        "@sentry/node": "^9.17.0",
+        "@sentry/node": "^9.19.0",
         "axios": "^1.9.0",
         "chokidar": "^4.0.3",
         "colors": "^1.4.0",

public/js/brand.js

@@ -73,7 +73,7 @@ let brand = {
     },
     about: {
         imageUrl: '../images/mirotalk-logo.gif',
-        title: 'WebRTC P2P v1.5.08',
+        title: 'WebRTC P2P v1.5.09',
         html: `
             <button 
                 id="support-button" 

public/js/client.js

@@ -15,7 +15,7 @@
  * @license For commercial use or closed source, contact us at [email protected] or purchase directly from CodeCanyon
  * @license CodeCanyon: https://codecanyon.net/item/mirotalk-p2p-webrtc-realtime-video-conferences/38376661
  * @author  Miroslav Pejic - [email protected]
- * @version 1.5.08
+ * @version 1.5.09
  *
  */
 
@@ -8457,12 +8457,14 @@ function isValidHttpURL(input) {
  * @param {string} url to check
  * @returns {boolean} true/false
  */
-async function isImageURL(url) {
+function isImageURL(input) {
+    if (!input || typeof input !== 'string') return false;
     try {
-        const response = await fetch(url, { method: 'HEAD' });
-        const contentType = response.headers.get('content-type');
-        return contentType && contentType.startsWith('image/');
-    } catch {
+        const url = new URL(input);
+        return ['.jpg', '.jpeg', '.png', '.gif', '.webp', '.bmp', '.tiff', '.svg'].some((ext) =>
+            url.pathname.toLowerCase().endsWith(ext),
+        );
+    } catch (e) {
         return false;
     }
 }
@@ -11158,7 +11160,7 @@ function showAbout() {
     Swal.fire({
         background: swBg,
         position: 'center',
-        title: brand.about?.title && brand.about.title.trim() !== '' ? brand.about.title : 'WebRTC P2P v1.5.08',
+        title: brand.about?.title && brand.about.title.trim() !== '' ? brand.about.title : 'WebRTC P2P v1.5.09',
         imageUrl: brand.about?.imageUrl && brand.about.imageUrl.trim() !== '' ? brand.about.imageUrl : images.about,
         customClass: { image: 'img-about' },
         html: `