Merge branch 'only-urls-allowed' into 'rails'
Solo permitir URLs web al sanitizar Closes #2382 See merge request sutty/sutty!54
This commit is contained in:
commit
c1a9aaa037
1 changed files with 1 additions and 1 deletions
|
@ -56,7 +56,7 @@ class MetadataContent < MetadataTemplate
|
||||||
uri = URI element['src']
|
uri = URI element['src']
|
||||||
|
|
||||||
# No permitimos recursos externos
|
# No permitimos recursos externos
|
||||||
element.remove unless uri.hostname.end_with? Site.domain
|
element.remove unless uri.scheme == 'https' && uri.hostname.end_with?(Site.domain)
|
||||||
rescue URI::Error
|
rescue URI::Error
|
||||||
element.remove
|
element.remove
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue