Ensure that roomId is validated before accessing room-based widgets.

src/ScalarMessaging.js

@@ -334,7 +334,6 @@ function setWidget(event, roomId) {
     };
 
     if (userWidget) {
-        console.warn('Adding user widget');
         const client = MatrixClientPeg.get();
         const userWidgets = client.getAccountData('m.widgets').getContent() || {};
 
@@ -357,7 +356,6 @@ function setWidget(event, roomId) {
         }
 
         client.setAccountData('m.widgets', userWidgets);
-        console.warn(`Set user widgets to:`, client.getAccountData('m.widgets'));
         sendResponse(event, {
             success: true,
         });
@@ -619,17 +617,14 @@ const onMessage = function(event) {
     const userId = event.data.user_id;
 
     // These APIs don't require roomId
+    // Get and set user widgets (not associated with a specific room)
+    // If roomId is specified, it must be validated, so room-based widgets agreed
+    // handled further down.
     if (event.data.action === "get_widgets") {
-        getWidgets(event, roomId);
+        getWidgets(event, null);
         return;
     } else if (event.data.action === "set_widget") {
-        setWidget(event, roomId);
-        return;
-    } else if (event.data.action === "add_widget_asset") {
-        addWidgetAsset(event, roomId);
-        return;
-    } else if (event.data.action === "remove_widget_asset") {
-        removeWidgetAsset(event, roomId);
+        setWidget(event, null);
         return;
     }
 
@@ -656,6 +651,15 @@ const onMessage = function(event) {
             return;
         }
 
+        // Get and set room-based widgets
+        if (event.data.action === "get_widgets") {
+            getWidgets(event, null);
+            return;
+        } else if (event.data.action === "set_widget") {
+            setWidget(event, null);
+            return;
+        }
+
         // These APIs don't require userId
         if (event.data.action === "join_rules_state") {
             getJoinRules(event, roomId);