summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/Properties.hs4
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/Properties.hs b/lib/Properties.hs
index 46afcb9..c4fc458 100644
--- a/lib/Properties.hs
+++ b/lib/Properties.hs
@@ -143,7 +143,9 @@ checkMapProperty p@(Property name _) = case name of
_ | T.toLower name == "script" ->
unwrapString p $ \str ->
unless (("https://static.rc3.world/scripts" `isPrefixOf` str) &&
- (not $ "/../" `isInfixOf` str))
+ (not $ "/../" `isInfixOf` str) &&
+ (not $ "%" `isInfixOf` str) &&
+ (not $ "@" `isInfixOf` str))
$ forbid "only scripts hosted on static.rc3.world are allowed."
| name `elem` ["jitsiRoom", "bbbRoom", "playAudio", "openWebsite"
, "url", "exitUrl", "silent", "getBadge"]