better fix to ip exploit

master
Aevann 2023-09-07 15:25:09 +03:00
parent c03b7faa67
commit 9386a55933
2 changed files with 3 additions and 1 deletions


@ -129,6 +129,7 @@ twitch_regex = re.compile('(https:\/\/)?(www\.)?twitch.tv\/(.*)', flags=re.I|re.
link_fix_regex = re.compile("(\[.*?\]\()(?!http|\/)(.*?\))" + NOT_IN_CODE_OR_LINKS, flags=re.A) link_fix_regex = re.compile("(\[.*?\]\()(?!http|\/)(.*?\))" + NOT_IN_CODE_OR_LINKS, flags=re.A)
css_url_regex = re.compile('url\(\s*[\'"]?([^\'"]*)', flags=re.I|re.A) css_url_regex = re.compile('url\(\s*[\'"]?([^\'"]*)', flags=re.I|re.A)
css_url2_regex = re.compile('(http[^\s]*)', flags=re.I|re.A)
linefeeds_regex = re.compile("([^\n])\n([^\n])", flags=re.A) linefeeds_regex = re.compile("([^\n])\n([^\n])", flags=re.A)
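Review bot: The added `css_url2_regex` captures everything up to the next whitespace, so for a quoted or parenthesised URL group 1 also carries the closing `"`, `)` or `;`, and in minified CSS it can run on into the following declarations. The host still sits at the front of the match, so the domain lookup in `validate_css` probably still resolves, but the string handed to `is_safe_url` is not the URL a browser would request. Consider stopping at CSS delimiters and using a raw string so `\s` is not an invalid escape: `css_url2_regex = re.compile(r'(http[^\s\'"()]*)', flags=re.I|re.A)`. A one-line comment such as `# catches absolute URLs that appear outside url(...)` would also explain why two patterns exist.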


@ -804,7 +804,8 @@ def validate_css(css):
if '/*' in css: if '/*' in css:
return False, "CSS comments are not allowed!" return False, "CSS comments are not allowed!"
for i in css_url_regex.finditer(css): matches = list(css_url_regex.finditer(css)) + list(css_url2_regex.finditer(css))
for i in matches:
url = i.group(1) url = i.group(1)
if not is_safe_url(url): if not is_safe_url(url):
domain = tldextract.extract(url).registered_domain domain = tldextract.extract(url).registered_domain
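Review bot: The combined `matches` list in `validate_css` still only sees references that are wrapped in `url(` or begin with `http`, so a scheme-relative reference (`//host/...`) given as a bare string, for example in an `@import` rule, appears to reach neither pattern and would skip the `is_safe_url` check. Since this check is what stops user CSS from loading third-party resources, matching on the `//` authority marker is a safer net than matching on the scheme: `css_url2_regex = re.compile(r'((?:https?:)?//[^\s\'"()]*)', flags=re.I|re.A)`. Longer term, tokenising the stylesheet and allowlisting the places a URL may appear would be more robust than adding patterns per bypass. The body of `validate_css` starts and continues outside this hunk, so whether `@import` is rejected elsewhere cannot be confirmed from here.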