samples-server

webrtc-from-chat potential XSS vulnerability, unfiltered data.

Open · hello-smile6 opened this issue 4 years ago · 1 comment

I was able to corrupt the user list for all users using the following script:

```javascript
// Run from the browser console of a connected chat client: every 1 ms it
// sends a fabricated "userlist" message through the signaling connection.
setInterval(function () {
  sendToServer({ type: "userlist", users: ["Hacked.", "By helllo-smile6@github"] });
}, 1);
```

Additionally, HTML entities can be used in the chat. HTML code is nullified. This may create additional, more secure vulnerabilities.

hello-smile6 · Mar 05 '21 17:03
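As an added example (not code from samples-server or from the reporter), the two server and client controls that address this report: a server-side allow-list so a client can never originate a `userlist` message, the user list built only from the server's own connection table, and HTML escaping for anything client-supplied that is rendered as markup. The message shape (`type`, `text`, `username`) and the allow-list contents are assumptions, not the project's actual API.

```javascript
// Added example; assumptions: the signaling server relays JSON objects with a
// "type" field, clients may only originate "username" and "message", and a
// "message" carries its body in "text" (hypothetical field names).
const CLIENT_ALLOWED_TYPES = new Set(["username", "message"]);

// Server-side check on each raw frame from a client. Returns a rejection
// reason, or null when the message may be processed. "userlist" is not in the
// allow-list, so the setInterval(...) script in the report is dropped instead
// of being relayed to every connected user.
function rejectReason(raw) {
  let msg;
  try {
    msg = JSON.parse(raw);
  } catch {
    return "not JSON";
  }
  if (typeof msg !== "object" || msg === null) return "not an object";
  if (typeof msg.type !== "string") return "missing type";
  if (!CLIENT_ALLOWED_TYPES.has(msg.type)) {
    return `client may not send type "${msg.type}"`;
  }
  if (msg.type === "message" && typeof msg.text !== "string") {
    return "message without text";
  }
  return null;
}

// The authoritative user list comes from the server's own connection table
// (assumed: one object per socket with a "username" property), never from a
// client-supplied array.
function buildUserListMessage(connections) {
  return JSON.stringify({ type: "userlist", users: connections.map((c) => c.username) });
}

// Client-side: escape client-supplied strings before they are placed into
// HTML. Using textContent / createTextNode is preferable; this covers code
// paths that build markup as a string.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderUserListHtml(users) {
  return "<ul>" + users.map((u) => `<li>${escapeHtml(u)}</li>`).join("") + "</ul>";
}
```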

@hello-smile6 Sorry for the delay in replying. Thanks for reporting this! We're planning to decommission this project eventually, but in the meantime, I'll pass this information on to our SRE team.

escattone · Mar 11 '21 17:03