Disallow !YOU! in URLs.
parent
b5b3b9dcc3
commit
8569f33b3e
|
@ -1615,7 +1615,7 @@ def is_site_url(url):
|
|||
return url and '\\' not in url and ((url.startswith('/') and not url.startswith('//')) or url.startswith(f'{SITE_FULL}/'))
|
||||
|
||||
def is_safe_url(url):
|
||||
return is_site_url(url) or tldextract.extract(url).registered_domain in approved_embed_hosts
|
||||
return (is_site_url(url) or tldextract.extract(url).registered_domain in approved_embed_hosts) and '!YOU!' not in url
|
||||
|
||||
|
||||
hosts = "|".join(approved_embed_hosts).replace('.','\.')
|
||||
|
|
Loading…
Reference in New Issue