mj-saunders
/
epicyon
forked from indymedia/epicyon
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

reject localhost in markup

alt-html-css
Bob Mottram 2020-12-12 20:53:16 +00:00
parent dff6fe932a
commit 249cc1ab5a
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
content.py
View File

@ -163,7 +163,7 @@ def dangerousMarkup(content: str, allowLocalNetworkAccess: bool) -> bool:
contentSections = content.split('<') contentSections = content.split('<')
invalidPartials = () invalidPartials = ()
if not allowLocalNetworkAccess: if not allowLocalNetworkAccess:
invalidPartials = ('127.0.', '192.168', '10.0.') invalidPartials = ('localhost', '127.0.', '192.168', '10.0.')
invalidStrings = ('script', 'canvas', 'style', 'abbr', invalidStrings = ('script', 'canvas', 'style', 'abbr',
'frame', 'iframe', 'html', 'body', 'frame', 'iframe', 'html', 'body',
'hr', 'allow-popups', 'allow-scripts') 'hr', 'allow-popups', 'allow-scripts')