From 5dfd647f812dee70eb509d64826aee27014d1127 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 12 Dec 2020 20:55:33 +0000
Subject: [PATCH] Check for localhost links in css

---
 content.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/content.py b/content.py
index 539f85969..e43a575a0 100644
--- a/content.py
+++ b/content.py
@@ -196,7 +196,8 @@ def dangerousCSS(filename: str, allowLocalNetworkAccess: bool) -> bool:
         content = fp.read().lower()
 
         cssMatches = ('behavior:', ':expression', '?php', '.php',
-                      'google')
+                      'google', 'localhost',
+                      '127.0.', '192.168', '10.0.')
         for match in cssMatches:
             if match in content:
                 return True