diff options
| author | stuebinm | 2021-12-20 00:28:00 +0100 |
|---|---|---|
| committer | stuebinm | 2021-12-20 00:28:00 +0100 |
| commit | 07bb1db91b6d775244190541f8bfd53835c404a6 (patch) | |
| tree | 6c18f313e8fa9f882c3a455cc2299044f206ca68 | |
| parent | 5060f68b9728bf94818ee985c16c25511f248143 (diff) | |
forbid opening local html files in iframes
Diffstat (limited to '')
| -rw-r--r-- | lib/Properties.hs | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/Properties.hs b/lib/Properties.hs index 797a1d7..05020f5 100644 --- a/lib/Properties.hs +++ b/lib/Properties.hs @@ -225,7 +225,9 @@ checkLayer = do checkObjectProperty :: Object -> Property -> LintWriter Layer checkObjectProperty obj p@(Property name _) = case name of - "url" -> pure () + "url" -> unwrapURI (Proxy @"website") p + (dependsOn . Link) + (const $ forbid "using \"url\" to open local html files is disallowed.") "allowApi" -> forbidProperty name "getBadge" -> do when (1 /= length (getProperties obj)) @@ -329,7 +331,7 @@ checkTileLayerProperty p@(Property name _value) = case name of suggestProperty $ Property "openWebsiteTrigger" (StrProp "onaction") unwrapURI (Proxy @"website") p (dependsOn . Link) - (dependsOn . Local) + (const $ forbid "using openWebsite to access local html files is disallowed.") "openWebsiteTrigger" -> do isString p requireProperty "openWebsite" |