This repository has been archived by the owner on May 16, 2023. It is now read-only.

Avoid handling blob urls in avatar as unsafe value #105

Closed
okoska79 opened this issue Mar 5, 2019 · 5 comments


okoska79 commented Mar 5, 2019

Hi @rpaschoal!

Currently, if the url of the avatar image is something like "blob:http://..." then getting the avatar throws an exception as using an unsafe value. Unfortunately, because of the missing property binding, sanitizing the url does not help. However, if the src="{{user.avatar}}" in line 31 of ng-chat.component.html would be replaced by [src]="user.avatar" and the avatar would be a string | SafeResourceUrl type then it would solve the issue.

What do you think?

Thanks in advance,
Peter

@rpaschoal rpaschoal added the bug label Mar 5, 2019
@rpaschoal
Owner

Hi @okoska79,

Sounds great to me! You happy in pushing a pull request for these changes so I can release it as a patch with 2.0.1?

If not I can do it at some point during this weekend.

I wonder if we have to follow the same approach for browserNotificationIconSource too?

Cheers!

@JosePolanco18

I know this is not part of this issue, but please check this:
https://stackoverflow.com/questions/54894884/cant-receive-messages-from-groups-ng-chat

@rpaschoal
Owner

@okoska79 I've just released 2.0.1 with the fix for this. There is no update on the Participant type, I'm just invoking the DOMSanitizer to bypass the URL directly from the angular template. You can check the changes on this PR #106

@rpaschoal
Owner

@JosePolanco18 I've moved your request to another issue as it is not related to the issue being reported here. Please track it here from now on: #107

@rpaschoal
Owner

Closing this issue as the fix was released with version 2.0.1.
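
The fix discussed in this thread marks the avatar URL as trusted through Angular's DomSanitizer, which switches off URL sanitization for that value. As an added example (not code from ng-chat or PR #106), this TypeScript helper shows a check an application could run before supplying an avatar URL, so that only blob URLs created by its own origin are marked trusted; the function names, the action labels and the sample origin are assumptions.

```typescript
// Added example; names and sample values are hypothetical, not ng-chat code.
type AvatarAction = "bypass" | "default" | "reject";

const APP_ORIGIN = "http://localhost:4200"; // constructed sample origin

// Origin of an absolute URL, or null when the string does not parse.
function originOf(raw: string): string | null {
  try {
    return new URL(raw).origin;
  } catch {
    return null;
  }
}

// "bypass":  same-origin blob URL, the only case that should reach
//            DomSanitizer.bypassSecurityTrustUrl().
// "default": relative or http(s) URL, bind it normally and let Angular
//            sanitize it.
// "reject":  everything else (other schemes, foreign blobs, garbage).
function classifyAvatarUrl(raw: string | null | undefined,
                           appOrigin: string = APP_ORIGIN): AvatarAction {
  if (!raw) return "reject";
  const value = raw.trim();
  const colon = value.indexOf(":");
  if (colon < 0) return "default"; // relative URL, no scheme to vet
  const scheme = value.slice(0, colon).toLowerCase();

  if (scheme === "blob") {
    // blob:<creating origin>/<uuid>; compare the embedded origin.
    return originOf(value.slice(colon + 1)) === appOrigin ? "bypass" : "reject";
  }
  if (scheme === "http" || scheme === "https") {
    return originOf(value) !== null ? "default" : "reject";
  }
  return "reject"; // allowlist: unknown schemes fail closed
}

// Constructed sample inputs.
const sampleAvatars = [
  "blob:http://localhost:4200/6f1c2a9e-0000-4000-8000-000000000000",
  "blob:https://other.example/6f1c2a9e-0000-4000-8000-000000000000",
  "https://cdn.example/avatar.png",
  "data:image/png;base64,AAAA",
];
for (const s of sampleAvatars) console.log(classifyAvatarUrl(s), s);
```

Only a value classified as "bypass" would be wrapped with the sanitizer bypass; everything else goes through the normal binding or is dropped.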
