github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 17:13:25 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Include /^http… prefix in onebox whitelist URLs regexes to prevent XSS.

Browse Source
This commit is contained in:
Jeremy Banks
2013-02-19 01:49:58 -05:00
parent d520771c73
commit 91f9844211
9 changed files with 78 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/oneboxer/github_blob_onebox.rb
View File

@ -3,7 +3,7 @@ require_dependency 'oneboxer/handlebars_onebox'
module Oneboxer
class GithubBlobOnebox < HandlebarsOnebox
matcher /github\.com\/[^\/]+\/[^\/]+\/blob\/.*/
matcher /^https?:\/\/(?:www\.)?github\.com\/[^\/]+\/[^\/]+\/blob\/.*/
favicon 'github.png'
def translate_url