author | stuebinm | 2021-12-28 21:36:10 +0100 |
---|---|---|
committer | stuebinm | 2022-01-02 01:55:49 +0100 |
commit | 520e94e98f4c03bc738c4903ac53b83b08beb975 (patch) | |
tree | 3661c95ddd6421ee30f73b9af0951924522f1f7a /lib | |
parent | d97398332e7747ec06d0a17cb1458c6d048b39a1 (diff) |
script links can't contain @
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Properties.hs | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/Properties.hs b/lib/Properties.hs
index 46afcb9..c4fc458 100644
--- a/lib/Properties.hs
+++ b/lib/Properties.hs
@@ -143,7 +143,9 @@ checkMapProperty p@(Property name _) = case name of
 _ | T.toLower name == "script" ->
 unwrapString p $ \str ->
 unless (("https://static.rc3.world/scripts" `isPrefixOf` str) &&
- (not $ "/../" `isInfixOf` str))
+ (not $ "/../" `isInfixOf` str) &&
+ (not $ "%" `isInfixOf` str) &&
+ (not $ "@" `isInfixOf` str))
 $ forbid "only scripts hosted on static.rc3.world are allowed."
 | name `elem` ["jitsiRoom", "bbbRoom", "playAudio", "openWebsite"
 , "url", "exitUrl", "silent", "getBadge"] |
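Review bot: The condition under `unless` is still a substring denylist over the raw string, and the required prefix `"https://static.rc3.world/scripts"` has no trailing slash. A sibling path such as `/scripts-x/…` therefore still passes, as does any traversal spelling the list does not name, for example a trailing `/..` or a backslash if the consuming client treats it as `/`. An allow-list would be easier to reason about, assuming `str` is `Text` and `Data.Char` can be imported: `maybe False okPath (T.stripPrefix "https://static.rc3.world/scripts/" str)` with ``okPath r = not (".." `T.isInfixOf` r) && T.all (\c -> isAscii c && (isAlphaNum c || c `elem` ("/-_." :: String))) r``. The `forbid` message also says nothing about `%` or `@`, so a map author whose link is rejected for that reason is told only about the host. `checkMapProperty` starts before this hunk and continues after it.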