make approved_embed_hosts tighter + fix this https://rdrama.net/h/anime/post/162771/this-is-unironically-a-great-idea/4030880#context
parent
11ac1c8b6e
commit
d04992c712
@ -57,6 +57,14 @@ const image_regex_extensions = document.getElementById('IMAGE_FORMATS').value.re
|
|||
const regex_pattern = String.raw`(^|\s)(https:\/\/[\w\-.#&/=\?@%;+,:]{5,250}(\.|\?format=)(` + image_regex_extensions + String.raw`)((\?|&)[\w\-.#&/=\?@%;+,:]*)?)($|\s)`
|
||||
const compiled_regex = new RegExp(regex_pattern, "g");
|
||||
|
||||
const approved_embed_hosts = document.getElementById('approved_embed_hosts').value.replace("{'", "").replace("'}", "").split("', '")
|
||||
function replace_image(match, prefix, url) {
|
||||
if (approved_embed_hosts.some(x => url.startsWith(`https://${x}/`)))
|
||||
return `${prefix}![](${url})`
|
||||
|
||||
return match
|
||||
}
|
||||
|
||||
function markdown(t) {
|
||||
let input = t.value;
|
||||
|
||||
|
@ -119,7 +127,7 @@ function markdown(t) {
|
|||
}
|
||||
}
|
||||
|
||||
input = input.replace(compiled_regex, '$1![]($2)')
|
||||
input = input.replace(compiled_regex, replace_image)
|
||||
|
||||
input = marked(input)
|
||||
|
||||
|
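Review bot: The allowlist parse at the top of the first hunk, `document.getElementById('approved_embed_hosts').value.replace("{'", "").replace("'}", "").split("', '")`, reverses a Python set `repr` by string surgery and will silently produce wrong entries whenever that repr does not have exactly the expected shape (an empty set presumably renders as `set()`, so the list would become `["set()"]`, and any entry containing `'` breaks the split). Serialize the list as JSON in the template and read it with `const approved_embed_hosts = JSON.parse(document.getElementById('approved_embed_hosts').value);`, which also removes any dependence on set ordering. The `url.startsWith(\`https://${x}/\`)` test in `replace_image` is sound for host confinement — the mandatory `/` after the host rejects `i.imgur.com.evil.com` and `i.imgur.com@evil.com` — but it is a preview-side aid only; the server-side `is_safe_url` must remain the enforcement point because this script is trivially bypassed. `markdown()` begins in the first hunk and continues past the end of the second.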
@ -957,6 +957,7 @@ approved_embed_hosts = {
|
|||
# 1) Cannot point to a server controlled by a site user.
|
||||
# 2) Cannot have open redirects based on query string. (tightest constraint)
|
||||
# 3) #2 but pre-stored, ex: s.lain.la 302 with jannie DM attack.
|
||||
# 4) Use the exact subdomain.
|
||||
### TODO: Run a media proxy and kill most of these. Impossible to review.
|
||||
|
||||
### First-Party
|
||||
|
@ -967,43 +968,45 @@ approved_embed_hosts = {
|
|||
|
||||
### Third-Party Image Hosts
|
||||
# TODO: Might be able to keep these even if we media proxy?
|
||||
'imgur.com', # possibly restrict to i.imgur.com
|
||||
'imgur.io',
|
||||
'pomf2.lain.la', # DO NOT generalize to lain.la. s.lain.la open redirect
|
||||
'giphy.com', # used by the GIF Modal
|
||||
'tenor.com',
|
||||
'gfycat.com',
|
||||
'postimg.cc', # WPD chat seems to like it
|
||||
'i.imgur.com',
|
||||
'i.imgur.io',
|
||||
'pomf2.lain.la/f',
|
||||
'media.giphy.com/media', # used by the GIF Modal
|
||||
'media0.giphy.com/media',
|
||||
'media1.giphy.com/media',
|
||||
'media2.giphy.com/media',
|
||||
'media3.giphy.com/media',
|
||||
'media4.giphy.com/media',
|
||||
'media.tenor.com',
|
||||
'c.tenor.com',
|
||||
'thumbs.gfycat.com',
|
||||
'i.postimg.cc', # WPD chat seems to like it
|
||||
'files.catbox.moe',
|
||||
'b1.thefileditch.ch',
|
||||
's1.fileditch.ch',
|
||||
|
||||
### Third-Party Media
|
||||
# TODO: Preferably kill these. Media proxy.
|
||||
# DO NOT ADD: wordpress.com, wp.com (maybe) | Or frankly anything. No more.
|
||||
'redd.it', # disconcerting surface size {i, preview, external-preview, &c} but believed safe
|
||||
'redditmedia.com', # similar to above
|
||||
'twimg.com',
|
||||
'pinimg.com',
|
||||
'kiwifarms.net', # how sure are we Jersh doesn't have an open redirect?
|
||||
'upload.wikimedia.org',
|
||||
'staticflickr.com',
|
||||
'substackcdn.com',
|
||||
'wixmp.com', # image CDN: deviantart, others?
|
||||
'kym-cdn.com',
|
||||
'tumblr.com', # concerningly broad.
|
||||
'ytimg.com',
|
||||
'yt3.ggpht.com',
|
||||
'bitchute.com',
|
||||
'i.redd.it',
|
||||
'preview.redd.it',
|
||||
'external-preview.redd.it',
|
||||
'pbs.twimg.com/media',
|
||||
'i.pinimg.com',
|
||||
'kiwifarms.net/attachments',
|
||||
'uploads.kiwifarms.net/data/attachments',
|
||||
'upload.wikimedia.org/wikipedia',
|
||||
'live.staticflickr.com',
|
||||
'substackcdn.com/image',
|
||||
'i.kym-cdn.com/photos/images',
|
||||
'37.media.tumblr.com',
|
||||
'64.media.tumblr.com',
|
||||
'66.media.tumblr.com',
|
||||
'78.media.tumblr.com',
|
||||
'i.ytimg.com/vi',
|
||||
|
||||
### Third-Party Resources (For e.g. Profile Customization)
|
||||
# TODO: Any reasonable way to proxy these instead?
|
||||
'use.typekit.net', # Adobe font CDN
|
||||
'p.typekit.net', # Adobe font CDN
|
||||
'fonts.googleapis.com', # Google font CDN
|
||||
'githubusercontent.com', # using repos as media sources. no obvious exploit
|
||||
'kindpng.com',
|
||||
'pngfind.com',
|
||||
'raw.githubusercontent.com', # using repos as media sources. no obvious exploit
|
||||
}
|
||||
|
||||
|
||||
|
@ -1014,11 +1017,11 @@ def is_site_url(url):
|
|||
or url.startswith(f'{SITE_FULL}/')))
|
||||
|
||||
def is_safe_url(url):
|
||||
domain = tldextract.extract(url)
|
||||
return (is_site_url(url)
|
||||
or domain.registered_domain in approved_embed_hosts
|
||||
or domain.fqdn in approved_embed_hosts)
|
||||
|
||||
if is_site_url(url):
|
||||
return True
|
||||
if any(url.startswith(f"https://{x}/") for x in approved_embed_hosts):
|
||||
return True
|
||||
return False
|
||||
|
||||
hosts = "|".join(approved_embed_hosts).replace('.','\.')
|
||||
|
||||
|
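Review bot: The path-bearing entries this commit adds to `approved_embed_hosts` (`pomf2.lain.la/f`, `pbs.twimg.com/media`, `i.kym-cdn.com/photos/images`, …) also flow into the regex alternation on the last context line of the `is_safe_url` hunk, `hosts = "|".join(approved_embed_hosts).replace('.','\.')`, which escapes only dots; build it with `hosts = "|".join(re.escape(x) for x in approved_embed_hosts)` so a future entry containing `?`, `+` or `(` cannot widen the pattern (and `'\.'` is an invalid string escape that newer CPython warns about). The new `url.startswith(f"https://{x}/")` check itself is correct for host confinement, since the required `/` after the host defeats `host.evil.com` and `host@evil.com` forms, and the check fails closed on `HTTPS://` or mixed-case hosts. The per-call generator can be hoisted to a module-level tuple, because `str.startswith` accepts one: `APPROVED_EMBED_PREFIXES = tuple(f"https://{x}/" for x in approved_embed_hosts)` and then `return is_site_url(url) or url.startswith(APPROVED_EMBED_PREFIXES)`. Whether `re` is already imported in this module, and what consumes `hosts`, is outside the hunk.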
@ -32,6 +32,7 @@
|
|||
<input hidden id="gnonce" value="{{g.nonce}}">
|
||||
<input hidden id="gbrowser" value="{{g.browser}}">
|
||||
<input hidden id="IMAGE_FORMATS" value="{{IMAGE_FORMATS}}">
|
||||
<input hidden id="approved_embed_hosts" value="{{approved_embed_hosts}}">
|
||||
<script src="{{'js/top.js' | asset}}"></script>
|
||||
{% block body required %}{% endblock %}
|
||||
{{html_head.stylesheets_lower()}}
|
||||
|
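Review bot: `value="{{approved_embed_hosts}}"` on the added line renders the Python `repr` of a set into an attribute, which the client script then has to un-repr by string replacement; emit JSON instead, `<input hidden id="approved_embed_hosts" value="{{ approved_embed_hosts | list | tojson }}">`, and read it with `JSON.parse` in top.js. Jinja's `tojson` filter escapes `<`, `>`, `&` and `'`, so the value stays attribute-safe under the same autoescaping the neighbouring `g.nonce`/`g.browser` inputs rely on (presumably Flask; the template configuration is not visible here). The list is not secret, so exposing it to the client is fine, but the client-side match is a preview aid only and the server-side `is_safe_url` must remain the enforcement point.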