Sutty/panel
5
0
Fork 0
mirror of https://0xacab.org/sutty/sutty synced 2024-11-16 08:21:41 +00:00
Code Issues Projects Releases Wiki Activity

Solo permitir URLs web al sanitizar

Browse source 
fixes #2382
This commit is contained in:
f 2021-08-11 10:25:05 -03:00
parent 312df05a84
commit 0bd8a2243e
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/models/metadata_content.rb
View file

@ -56,7 +56,7 @@ class MetadataContent < MetadataTemplate
uri = URI element['src']
# No permitimos recursos externos
element.remove unless uri.hostname.end_with? Site.domain
element.remove unless uri.scheme == 'https' && uri.hostname.end_with?(Site.domain)
rescue URI::Error
element.remove
end