Aevann 2023-05-12 22:30:47 +03:00
parent aca1ac2801
commit 32772ce1e9
1 changed files with 8 additions and 4 deletions


@ -509,12 +509,16 @@ def sanitize(sanitized, golden=True, limit_pings=0, showmore=True, count_emojis=
href = link.get("href")
if not href: continue
#\ in href right after / makes most browsers ditch site hostname and allows for a host injection bypassing the check, see <a href="/\google.com">cool</a>
if "\\" in href:
link.string = href
del link["href"]
continue
domain = tldextract.extract(href).registered_domain
#\ in href right after / makes most browsers ditch site hostname and allows for a host injection bypassing the check, see <a href="/\google.com">cool</a>
if ("\\" in href
#https://rdrama.net/post/78376/reminder-of-the-fact-that-our/2150032#context
or not allowed_domain_regex.fullmatch(domain)):
#don't allow something like this https://rdrama.net/post/78376/reminder-of-the-fact-that-our/2150032#context
if domain and not allowed_domain_regex.fullmatch(domain):
link.string = href
del link["href"]
continue
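Review bot: The `domain and` guard on the `allowed_domain_regex` check (assuming that line is the added side; the +/- markers are lost on this page) skips the allowlist for every href whose `registered_domain` comes back empty, not only for site-relative paths. As far as I know, tldextract also returns an empty registered domain for absolute URLs whose host is an IP literal or a single-label name, so those would keep their `href` unless something outside this hunk rejects them. I would make the exemption explicit, e.g. `site_relative = href.startswith(('/', '#', '?')) and not href.startswith('//')` followed by `if not site_relative and not (domain and allowed_domain_regex.fullmatch(domain)):`, and add a comment saying an empty domain is expected only for relative links. `sanitize` starts and ends outside the hunk, so scheme filtering elsewhere in the function may already cover part of this.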