From 97a5126a6e42cd7a231ac4674a0ca7e56186b1af Mon Sep 17 00:00:00 2001
From: yemaw
Date: Wed, 3 Jul 2024 16:08:37 +0800
Subject: [PATCH] Fix XSS vulnerability by validating user input stream URL.
---
 demo/main.js | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/demo/main.js b/demo/main.js
index f3d7b2235ff..50514a9ef2e 100644
--- a/demo/main.js
+++ b/demo/main.js
@@ -303,6 +303,17 @@ function loadSelectedStream() {
 url = $('#streamURL').val();
+ // Check if the URL is valid to avoid XSS issue.
+ if (url) {
+ try {
+ new URL(url);
+ } catch (error) {
+ $('#streamURL').val('');
+ alert('Invalid URL');
+ return false;
+ }
+ }
+
 setupGlobals();
 hideCanvas();
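Review bot: The `new URL(url)` check only proves that the string parses as an absolute URL; its result is discarded and the raw `url` is what the rest of `loadSelectedStream` goes on to use, so the check neither limits the scheme nor normalises characters that matter in an HTML context. The place where `url` reaches the DOM is outside this hunk, so this is inferred, but parse-ability alone is unlikely to close the XSS the subject line refers to. Consider keeping the parsed value and allow-listing the scheme inside the `try`: `const parsed = new URL(url);`, `if (!['http:', 'https:'].includes(parsed.protocol)) throw new TypeError('unsupported scheme');`, `url = parsed.href;`. The URL should also be escaped, or written through a text-only API, at the point where it is put into the page. Relative stream paths now fail the check as well, because no base is passed to `URL`.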