I don't think these are exploitable, but better to be safe

ccd0 2014-05-08 01:44:36 -07:00
parent d3c42c25cc
commit 1ddca2a236


@ -286,8 +286,12 @@ Linkify =
regExp: /(http|www).*\.(gif|png|jpg|jpeg|bmp)$/ regExp: /(http|www).*\.(gif|png|jpg|jpeg|bmp)$/
style: 'border: 0; width: auto; height: auto;' style: 'border: 0; width: auto; height: auto;'
el: (a) -> el: (a) ->
$.el 'div', img = $.el 'img', src: a.dataset.href
innerHTML: "<a target=_blank href='#{a.dataset.href}'><img src='#{a.dataset.href}'></a>" link = $.el 'a', {target: '_blank', href: a.dataset.href}
div = $.el 'div'
$.add link, img
$.add div, link
div
, ,
key: 'InstallGentoo' key: 'InstallGentoo'
regExp: /.*(?:paste.installgentoo.com\/view\/)([0-9a-z_]+)/ regExp: /.*(?:paste.installgentoo.com\/view\/)([0-9a-z_]+)/
@ -319,7 +323,7 @@ Linkify =
el = $.el 'div' el = $.el 'div'
$.cache "https://mediacru.sh/#{a.dataset.uid}.json", -> $.cache "https://mediacru.sh/#{a.dataset.uid}.json", ->
{status} = @ {status} = @
return div.innerHTML = "ERROR #{status}" unless status in [200, 304] return div.textContent = "ERROR #{status}" unless status in [200, 304]
{files} = @response {files} = @response
for type in ['video/mp4', 'video/ogv', 'image/svg+xml', 'image/png', 'image/gif', 'image/jpeg', 'image/svg', 'audio/mpeg'] for type in ['video/mp4', 'video/ogv', 'image/svg+xml', 'image/png', 'image/gif', 'image/jpeg', 'image/svg', 'audio/mpeg']
for file in files for file in files
@ -327,19 +331,23 @@ Linkify =
embed = file embed = file
break break
break if embed break if embed
return div.innerHTML = "ERROR: Not a valid filetype" unless embed return div.textContent = "ERROR: Not a valid filetype" unless embed
el.innerHTML = switch embed.type switch embed.type
when 'video/mp4', 'video/ogv' then """ when 'video/mp4', 'video/ogv'
el.innerHTML = """
<video autoplay loop> <video autoplay loop>
<source src="https://mediacru.sh/#{a.dataset.uid}.mp4" type="video/mp4;"> <source src="https://mediacru.sh/#{a.dataset.uid}.mp4" type="video/mp4;">
<source src="https://mediacru.sh/#{a.dataset.uid}.ogv" type="video/ogg; codecs='theora, vorbis'"> <source src="https://mediacru.sh/#{a.dataset.uid}.ogv" type="video/ogg; codecs='theora, vorbis'">
</video>""" </video>"""
when 'image/png', 'image/gif', 'image/jpeg', 'image/svg', 'image/svg+xml' when 'image/png', 'image/gif', 'image/jpeg', 'image/svg', 'image/svg+xml'
"<a target=_blank href='#{a.dataset.href}'><img src='https://mediacru.sh/#{file.file}'></a>" $.add el, $.el 'a',
target: '_blank'
href: a.dataset.href
innerHTML: "<img src='https://mediacru.sh/#{file.file}'>"
when 'audio/mpeg' when 'audio/mpeg'
"<audio controls><source src='https://mediacru.sh/#{file.file}'></audio>" el.innerHTML = "<audio controls><source src='https://mediacru.sh/#{file.file}'></audio>"
else else
"ERROR: No valid filetype." el.textContent = "ERROR: No valid filetype."
el el
, ,
key: 'pastebin' key: 'pastebin'
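Review bot: The third hunk still assembles markup through `innerHTML` with interpolated values: `file.file` from the mediacru.sh JSON response goes into a single-quoted `src` attribute in the image and audio branches, and `a.dataset.uid` goes into the `<video>` sources, so a quote character in any of them would end the attribute early. Building these nodes with `$.el`/`$.add` and assigning `src` as a property, as the first hunk does for the image embed, removes the HTML parsing step; the fence below shows the image and audio branches. Separately, the two error returns write to `div.textContent` while the element created and returned here is `el`, and `div` is not defined in the visible lines, so they should probably read `el.textContent` (the function starts outside the hunk, so confirm).

```coffeescript
# … unchanged: status check, type selection, video branch …
when 'image/png', 'image/gif', 'image/jpeg', 'image/svg', 'image/svg+xml'
  img  = $.el 'img', src: "https://mediacru.sh/#{file.file}"
  link = $.el 'a', {target: '_blank', href: a.dataset.href}
  $.add link, img
  $.add el, link
when 'audio/mpeg'
  audio = $.el 'audio', controls: true
  $.add audio, $.el 'source', src: "https://mediacru.sh/#{file.file}"
  $.add el, audio
# … unchanged: else branch, return el …
```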