forked from MarseyWorld/MarseyWorld
better fix to ip exploit
parent
c03b7faa67
commit
9386a55933
|
@ -129,6 +129,7 @@ twitch_regex = re.compile('(https:\/\/)?(www\.)?twitch.tv\/(.*)', flags=re.I|re.
|
||||||
link_fix_regex = re.compile("(\[.*?\]\()(?!http|\/)(.*?\))" + NOT_IN_CODE_OR_LINKS, flags=re.A)
|
link_fix_regex = re.compile("(\[.*?\]\()(?!http|\/)(.*?\))" + NOT_IN_CODE_OR_LINKS, flags=re.A)
|
||||||
|
|
||||||
css_url_regex = re.compile('url\(\s*[\'"]?([^\'"]*)', flags=re.I|re.A)
|
css_url_regex = re.compile('url\(\s*[\'"]?([^\'"]*)', flags=re.I|re.A)
|
||||||
|
css_url2_regex = re.compile('(http[^\s]*)', flags=re.I|re.A)
|
||||||
|
|
||||||
linefeeds_regex = re.compile("([^\n])\n([^\n])", flags=re.A)
|
linefeeds_regex = re.compile("([^\n])\n([^\n])", flags=re.A)
|
||||||
|
|
||||||
|
|
|
@ -804,7 +804,8 @@ def validate_css(css):
|
||||||
if '/*' in css:
|
if '/*' in css:
|
||||||
return False, "CSS comments are not allowed!"
|
return False, "CSS comments are not allowed!"
|
||||||
|
|
||||||
for i in css_url_regex.finditer(css):
|
matches = list(css_url_regex.finditer(css)) + list(css_url2_regex.finditer(css))
|
||||||
|
for i in matches:
|
||||||
url = i.group(1)
|
url = i.group(1)
|
||||||
if not is_safe_url(url):
|
if not is_safe_url(url):
|
||||||
domain = tldextract.extract(url).registered_domain
|
domain = tldextract.extract(url).registered_domain
|
||||||
|
|
Loading…
Reference in New Issue