From f94d84b0440cc1873d2d1b28ac4c7eea817527b8 Mon Sep 17 00:00:00 2001
From: Tulir Asokan <tulir@maunium.net>
Date: Mon, 13 Jan 2025 18:13:06 +0200
Subject: [PATCH] web/timeline: add validation for per-message profiles

---
 web/src/ui/timeline/content/index.ts | 10 +++++++++-
 web/src/util/validation.ts           |  2 +-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/web/src/ui/timeline/content/index.ts b/web/src/ui/timeline/content/index.ts
index 7bd981b..221c6bd 100644
--- a/web/src/ui/timeline/content/index.ts
+++ b/web/src/ui/timeline/content/index.ts
@@ -118,5 +118,13 @@ export function getPerMessageProfile(evt: MemDBEvent | null): BeeperPerMessagePr
 	if (evt === null || evt.type !== "m.room.message" && evt.type !== "m.sticker") {
 		return undefined
 	}
-	return (evt.content as MessageEventContent)["com.beeper.per_message_profile"]
+	const profile = (evt.content as MessageEventContent)["com.beeper.per_message_profile"]
+	if (profile?.displayname && typeof profile.displayname !== "string") {
+		return undefined
+	} else if (profile?.avatar_url && typeof profile.avatar_url !== "string") {
+		return undefined
+	} else if (profile?.id && typeof profile.id !== "string") {
+		return undefined
+	}
+	return profile
 }
diff --git a/web/src/util/validation.ts b/web/src/util/validation.ts
index 260f94d..db5933a 100644
--- a/web/src/util/validation.ts
+++ b/web/src/util/validation.ts
@@ -88,7 +88,7 @@ export function getServerName(userID: UserID): string {
 }
 
 export function getDisplayname(userID: UserID, profile?: UserProfile | null): string {
-	return profile?.displayname || getLocalpart(userID)
+	return ensureString(profile?.displayname) || getLocalpart(userID)
 }
 
 export function parseMXC(mxc: unknown): [string, string] | [] {