Sutty/sutty
5
0
Fork 0
Code Issues 2 Pull requests Projects Releases Wiki Activity

Merge branch 'only-urls-allowed' into 'rails'

Browse source 
Solo permitir URLs web al sanitizar

Closes #2382

See merge request sutty/sutty!54
This commit is contained in:
Maki 2021-08-16 15:36:30 +00:00
parent 752569c8a7 0bd8a2243e
commit c1a9aaa037
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/models/metadata_content.rb
View file

@ -56,7 +56,7 @@ class MetadataContent < MetadataTemplate
uri = URI element['src']
# No permitimos recursos externos
element.remove unless uri.hostname.end_with? Site.domain
element.remove unless uri.scheme == 'https' && uri.hostname.end_with?(Site.domain)
rescue URI::Error
element.remove
end