Goyslop/4chan-x
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix potential MITM attack

Browse Source
This commit is contained in:
ccd0 2014-08-11 22:05:47 -07:00
parent 7d2dd80453
commit 95f3c16e6e
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/General/Get.coffee
View File

@ -142,6 +142,11 @@ Get =
return true return true
else if Conf['Except Archives from Encryption'] else if Conf['Except Archives from Encryption']
CrossOrigin.json url, (response) -> CrossOrigin.json url, (response) ->
{media} = response
if media then for key of media when /_link$/.test key
# Image/thumbnail URLs loaded over HTTP can be modified in transit.
# Require them to be HTTP so that no referrer is sent to them from an HTTPS page.
delete media[key] unless /^http:\/\//.test media[key]
Get.parseArchivedPost response, boardID, postID, root, context Get.parseArchivedPost response, boardID, postID, root, context
return true return true
return false return false
@ -202,7 +207,8 @@ Get =
o.file = o.file =
name: data.media.media_filename name: data.media.media_filename
timestamp: data.media.media_orig timestamp: data.media.media_orig
url: data.media.media_link or data.media.remote_media_link url: data.media.media_link or data.media.remote_media_link or
"//i.4cdn.org/#{boardID}/#{encodeURIComponent data.media[if boardID is 'f' then 'media_filename' else 'media_orig']}"
height: data.media.media_h height: data.media.media_h
width: data.media.media_w width: data.media.media_w
MD5: data.media.media_hash MD5: data.media.media_hash