github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 07:53:49 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Include /^http... prefix in onebox whitelist URLs regexes to prevent XSS.

Browse Source
This commit is contained in:
Jeremy Banks
2013-02-19 01:49:58 -05:00
committed by tms
parent ea9196a8a2
commit a7a2dcebac
9 changed files with 79 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/oneboxer/github_blob_onebox.rb
View File

@ -3,7 +3,7 @@ require_dependency 'oneboxer/handlebars_onebox'
module Oneboxer
class GithubBlobOnebox < HandlebarsOnebox
matcher /github\.com\/[^\/]+\/[^\/]+\/blob\/.*/
matcher /^https?:\/\/(?:www\.)?github\.com\/[^\/]+\/[^\/]+\/blob\/.*/
favicon 'github.png'
def translate_url