From ecff604c8e8b82289bb6fae91b99426881b35616 Mon Sep 17 00:00:00 2001
From: f
Date: Wed, 1 Feb 2023 17:09:58 -0300
Subject: [PATCH] =?UTF-8?q?fix:=20eliminar=20el=20elemento=20sin=20src=20v?= =?UTF-8?q?=C3=A1lido=20en=20un=20solo=20lugar?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/models/metadata_content.rb | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/app/models/metadata_content.rb b/app/models/metadata_content.rb
index 9d3a1040..7598dc31 100644
--- a/app/models/metadata_content.rb
+++ b/app/models/metadata_content.rb
@@ -47,16 +47,13 @@ class MetadataContent < MetadataTemplate
 # Eliminar elementos sin src y comprobar su origen
 html.css(elements).each do |element|
- unless element['src']
- element.remove
- next
- end
-
 begin
+ raise URI::Error unless element['src'].present?
+
 uri = URI element['src']
 # No permitimos recursos externos
- element.remove unless uri.scheme == 'https' && uri.hostname.end_with?(Site.domain)
+ raise URI::Error unless Rails.application.config.hosts.include?(uri.hostname)
 rescue URI::Error
 element.remove
 end
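Review bot: The scheme test is lost in the added `raise URI::Error unless Rails.application.config.hosts.include?(uri.hostname)` line, so an `http://` (or any other scheme) URL whose host is in the list is now kept, where the removed line also required `uri.scheme == 'https'`. If that relaxation is not intended, keep both conditions: `raise URI::Error unless uri.scheme == 'https' && Rails.application.config.hosts.include?(uri.hostname)`. Separately, `Array#include?` compares with `==`, so Regexp, IPAddr or leading-dot wildcard entries in `config.hosts` never equal a hostname string, and an empty list would remove every element; that fails closed, but it is worth confirming the list holds exact hostnames in every environment, with a comment such as `# config.hosts must list exact hostnames; wildcard entries do not match here`. The `each` block opened in this hunk continues past its last line, so anything that follows inside the block is not covered by this review.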