I assumed gorilla validated UTF8 for incoming text messages. In fact, the documentation states: >It is the application's responsibility to ensure that text messages >are valid UTF-8 encoded text. and this applies to both incoming and outgoing messages. Consequently, even when enforce-utf8 is enabled, it was possible to send invalid UTF8 to Ergo inside a websocket text frame. This data would be incorrectly considered valid UTF8, and could be relayed to other clients, including to websocket clients inside a text frame. The resulting frame would violate the websocket protocol, causing web clients to be disconnected.

1 year ago · 9589d019cb
--- a/irc/ircconn.go
+++ b/irc/ircconn.go
@@ -128,9 +128,9 @@ func (wc IRCWSConn) WriteLines(buffers [][]byte) (err error) {
 
				
				 }
			
 
				
				 
			
 
				
				 func (wc IRCWSConn) ReadLine() (line []byte, err error) {
			
 
				
				-	messageType, line, err := wc.conn.ReadMessage()
			
 
				
				+	_, line, err = wc.conn.ReadMessage()
			
 
				
				 	if err == nil {
			
 
				
				-		if messageType == websocket.BinaryMessage && !utf8.Valid(line) {
			
 
				
				+		if !utf8.Valid(line) {
			
 
				
				 			return line, errInvalidUtf8
			
 
				
				 		}
			
 
				
				 		return line, nil