rDrama
/
rDrama
9
10
Fork 7
Code Issues Pull Requests Packages Releases Wiki Activity

better fix to ip exploit

pull/200/head
Aevann 2023-09-07 15:25:09 +03:00
parent c03b7faa67
commit 9386a55933
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
files/helpers/regex.py
View File

@ -129,6 +129,7 @@ twitch_regex = re.compile('(https:\/\/)?(www\.)?twitch.tv\/(.*)', flags=re.I|re.
link_fix_regex = re.compile("(\[.*?\]\()(?!http|\/)(.*?\))" + NOT_IN_CODE_OR_LINKS, flags=re.A)
css_url_regex = re.compile('url\(\s*[\'"]?([^\'"]*)', flags=re.I|re.A)
css_url2_regex = re.compile('(http[^\s]*)', flags=re.I|re.A)
linefeeds_regex = re.compile("([^\n])\n([^\n])", flags=re.A)

3
files/helpers/sanitize.py
View File

@ -804,7 +804,8 @@ def validate_css(css):
if '/*' in css:
return False, "CSS comments are not allowed!"
for i in css_url_regex.finditer(css):
matches = list(css_url_regex.finditer(css)) + list(css_url2_regex.finditer(css))
for i in matches:
url = i.group(1)
if not is_safe_url(url):
domain = tldextract.extract(url).registered_domain