mirror of https://0xacab.org/sutty/sutty synced 2024-11-16 12:21:43 +00:00

Merge branch 'only-urls-allowed' into 'rails'

Only allow web URLs when sanitizing

Closes #2382

See merge request sutty/sutty!54
Maki 2021-08-16 15:36:30 +00:00
commit c1a9aaa037


@ -56,7 +56,7 @@ class MetadataContent < MetadataTemplate
uri = URI element['src'] uri = URI element['src']
# No permitimos recursos externos # No permitimos recursos externos
element.remove unless uri.hostname.end_with? Site.domain element.remove unless uri.scheme == 'https' && uri.hostname.end_with?(Site.domain)
rescue URI::Error rescue URI::Error
element.remove element.remove
end end
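
Review bot: On the changed `element.remove unless ...` line, `uri.hostname.end_with?(Site.domain)` is a bare suffix match, so unless `Site.domain` already begins with a dot, any hostname that merely ends in the same characters passes the check, not only the site domain and its subdomains. Compare at a label boundary instead, for example `host == Site.domain || host.end_with?(".#{Site.domain}")`. The same line can also still raise `NoMethodError` when the scheme is `https` but the URI has no host, because `uri.hostname` is then `nil` and the `rescue URI::Error` below does not cover it; using `uri.hostname&.end_with?(...)` or rescuing more broadly would let such elements be removed instead of raising.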