I assumed gorilla validated UTF8 for incoming text messages. In fact, the documentation states: >It is the application's responsibility to ensure that text messages >are valid UTF-8 encoded text. and this applies to both incoming and outgoing messages. Consequently, even when enforce-utf8 is enabled, it was possible to send invalid UTF8 to Ergo inside a websocket text frame. This data would be incorrectly considered valid UTF8, and could be relayed to other clients, including to websocket clients inside a text frame. The resulting frame would violate the websocket protocol, causing web clients to be disconnected.

1 year ago · 9589d019cb
--- a/irc/ircconn.go
+++ b/irc/ircconn.go
 
															
															 }
														
 
															
															 func (wc IRCWSConn) ReadLine() (line []byte, err error) {
														
 
															
															-	messageType, line, err := wc.conn.ReadMessage()
														
 
															
															+	_, line, err = wc.conn.ReadMessage()
														
 
															
															 	if err == nil {
														
 
															
															-		if messageType == websocket.BinaryMessage && !utf8.Valid(line) {
														
 
															
															+		if !utf8.Valid(line) {
														
 
															
															 			return line, errInvalidUtf8
														
 
															
															 		}
														
 
															
															 		return line, nil