From f2a68764a14fe52a4b2005bc6909572d08409394 Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Tue, 28 Dec 2021 21:36:10 +0100
Subject: script links can't contain @

---
 lib/Properties.hs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'lib/Properties.hs')

diff --git a/lib/Properties.hs b/lib/Properties.hs
index 46afcb9..c4fc458 100644
--- a/lib/Properties.hs
+++ b/lib/Properties.hs
@@ -143,7 +143,9 @@ checkMapProperty p@(Property name _) = case name of
   _ | T.toLower name == "script" ->
       unwrapString p $ \str ->
         unless (("https://static.rc3.world/scripts" `isPrefixOf` str) &&
-                (not $ "/../" `isInfixOf` str))
+                (not $ "/../" `isInfixOf` str) &&
+                (not $ "%" `isInfixOf` str) &&
+                (not $ "@" `isInfixOf` str))
         $ forbid "only scripts hosted on static.rc3.world are allowed."
     | name `elem` ["jitsiRoom", "bbbRoom", "playAudio", "openWebsite"
                   , "url", "exitUrl", "silent", "getBadge"]
-- 
cgit v1.2.3