summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorstuebinm2021-12-28 21:36:10 +0100
committerstuebinm2022-01-02 01:55:49 +0100
commit520e94e98f4c03bc738c4903ac53b83b08beb975 (patch)
tree3661c95ddd6421ee30f73b9af0951924522f1f7a /lib
parentd97398332e7747ec06d0a17cb1458c6d048b39a1 (diff)
script links can't contain @
Diffstat (limited to 'lib')
-rw-r--r--lib/Properties.hs4
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/Properties.hs b/lib/Properties.hs
index 46afcb9..c4fc458 100644
--- a/lib/Properties.hs
+++ b/lib/Properties.hs
@@ -143,7 +143,9 @@ checkMapProperty p@(Property name _) = case name of
_ | T.toLower name == "script" ->
unwrapString p $ \str ->
unless (("https://static.rc3.world/scripts" `isPrefixOf` str) &&
- (not $ "/../" `isInfixOf` str))
+ (not $ "/../" `isInfixOf` str) &&
+ (not $ "%" `isInfixOf` str) &&
+ (not $ "@" `isInfixOf` str))
$ forbid "only scripts hosted on static.rc3.world are allowed."
| name `elem` ["jitsiRoom", "bbbRoom", "playAudio", "openWebsite"
, "url", "exitUrl", "silent", "getBadge"]