Merge branch 'only-urls-allowed' into 'rails'
Solo permitir URLs web al sanitizar Closes #2382 See merge request sutty/sutty!54
This commit is contained in:
commit
c1a9aaa037
1 changed files with 1 additions and 1 deletions
|
@ -56,7 +56,7 @@ class MetadataContent < MetadataTemplate
|
|||
uri = URI element['src']
|
||||
|
||||
# No permitimos recursos externos
|
||||
element.remove unless uri.hostname.end_with? Site.domain
|
||||
element.remove unless uri.scheme == 'https' && uri.hostname.end_with?(Site.domain)
|
||||
rescue URI::Error
|
||||
element.remove
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue