Goyslop/4chan-x
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

stricter security test

Browse Source
This commit is contained in:
ccd0 2014-08-23 20:21:33 -07:00
parent ca9e147486
commit 6abbbf00e2
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/Archive/archives.json
View File

@ -87,5 +87,6 @@
"https": false, "https": false,
"software": "foolfuuka", "software": "foolfuuka",
"boards": ["t"], "boards": ["t"],
"files": ["t"] "files": ["t"],
"imagehosts": ["http://archive.mawa.re/"]
}] }]

4
src/General/Get.coffee
View File

@ -145,8 +145,8 @@ Get =
{media} = response {media} = response
if media then for key of media when /_link$/.test key if media then for key of media when /_link$/.test key
# Image/thumbnail URLs loaded over HTTP can be modified in transit. # Image/thumbnail URLs loaded over HTTP can be modified in transit.
# Require them to be HTTP so that no referrer is sent to them from an HTTPS page. # Require them to be from a known HTTP host so that no referrer is sent to them from an HTTPS page.
delete media[key] unless /^http:\/\//.test media[key] delete media[key] unless media[key].match(/^(http:\/\/[^\/]+\/)?/)[0] in url.archive.imagehosts
Get.parseArchivedPost response, boardID, postID, root, context Get.parseArchivedPost response, boardID, postID, root, context
return true return true
return false return false