Skip to content
Snippets Groups Projects
Commit f2a68764 authored by stuebinm's avatar stuebinm
Browse files

script links can't contain @

parent 921a0e89
No related branches found
No related tags found
No related merge requests found
Pipeline #13224 passed
Stage: build
Stage: trigger
Show whitespace changes
Inline Side-by-side
Showing
with 3 additions and 1 deletion
lib/Properties.hs
+ 3
1
View file @ f2a68764
...@@ -143,7 +143,9 @@ checkMapProperty p@(Property name _) = case name of ...@@ -143,7 +143,9 @@ checkMapProperty p@(Property name _) = case name of
_ | T.toLower name == "script" -> _ | T.toLower name == "script" ->
unwrapString p $ \str -> unwrapString p $ \str ->
unless (("https://static.rc3.world/scripts" `isPrefixOf` str) && unless (("https://static.rc3.world/scripts" `isPrefixOf` str) &&
(not $ "/../" `isInfixOf` str)) (not $ "/../" `isInfixOf` str) &&
(not $ "%" `isInfixOf` str) &&
(not $ "@" `isInfixOf` str))
$ forbid "only scripts hosted on static.rc3.world are allowed." $ forbid "only scripts hosted on static.rc3.world are allowed."
| name `elem` ["jitsiRoom", "bbbRoom", "playAudio", "openWebsite" | name `elem` ["jitsiRoom", "bbbRoom", "playAudio", "openWebsite"
, "url", "exitUrl", "silent", "getBadge"] , "url", "exitUrl", "silent", "getBadge"]
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment

Impressum - Datenschutzerklärung