Disallow !YOU! in URLs.

pull/49/head
float trip 2022-12-05 21:13:26 +00:00
parent b5b3b9dcc3
commit 8569f33b3e
1 changed files with 1 additions and 1 deletions


@ -1615,7 +1615,7 @@ def is_site_url(url):
return url and '\\' not in url and ((url.startswith('/') and not url.startswith('//')) or url.startswith(f'{SITE_FULL}/'))
def is_safe_url(url):
return is_site_url(url) or tldextract.extract(url).registered_domain in approved_embed_hosts
return (is_site_url(url) or tldextract.extract(url).registered_domain in approved_embed_hosts) and '!YOU!' not in url
hosts = "|".join(approved_embed_hosts).replace('.','\.')
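Review bot: The added `'!YOU!' not in url` test on the return line of `is_safe_url` is a case-sensitive substring match on the raw string, so it rejects only the literal spelling of the token. Whether the URL is percent-decoded or otherwise normalised later is not visible in this hunk; if it is, the check should run on the normalised value too, for example `and '!YOU!' not in unquote(url)` using `urllib.parse.unquote`, provided that import is available in the file. The line also carries no comment saying what `!YOU!` stands for or why it must never appear in a URL, and a one-line comment above the `return` stating that reason would keep the condition from being dropped in a later cleanup. A test that pins the rejection for both a site-relative URL and an approved embed host would make the intent checkable.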