Posted to commits@couchdb.apache.org by rn...@apache.org on 2012/12/19 02:58:32 UTC

[8/10] git commit: Improve script url validation

Improve script url validation


Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/8cb48783
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/8cb48783
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/8cb48783

Branch: refs/heads/1.1.x
Commit: 8cb48783be7c570314aa616af94720efd06fd22b
Parents: 731aa6b
Author: Robert Newson <rn...@apache.org>
Authored: Tue Dec 18 15:11:41 2012 +0000
Committer: Robert Newson <rn...@apache.org>
Committed: Wed Dec 19 01:23:20 2012 +0000

----------------------------------------------------------------------
 share/www/script/couch_test_runner.js |    8 +++-----
 1 files changed, 3 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb/blob/8cb48783/share/www/script/couch_test_runner.js
----------------------------------------------------------------------
diff --git a/share/www/script/couch_test_runner.js b/share/www/script/couch_test_runner.js
index e14640b..f451602 100644
--- a/share/www/script/couch_test_runner.js
+++ b/share/www/script/couch_test_runner.js
@@ -15,11 +15,9 @@
 
 function loadScript(url) {
   // disallow loading remote URLs
-  if((url.substr(0, 7) == "http://")
-    || (url.substr(0, 2) == "//")
-    || (url.substr(0, 5) == "data:")
-    || (url.substr(0, 11) == "javascript:")) {
-        throw "Not loading remote test scripts";
+  var re = /^[a-z0-9_]+(\/[a-z0-9_]+)*\.js#?$/;
+  if (!re.test(url)) {
+      throw "Not loading remote test scripts";
   }
   if (typeof document != "undefined") document.write('<script src="'+url+'"></script>');
 };
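Review bot: The retained comment `// disallow loading remote URLs` and the message "Not loading remote test scripts" no longer describe what loadScript checks. The new pattern is an allowlist, so it also rejects local paths that contain uppercase letters, hyphens, a dot inside a directory name or a query string, and the caller sees a "remote" error for them. I would reword the comment to something like `// allow only relative paths made of [a-z0-9_] segments ending in .js (optional trailing #)` and make the thrown text match, e.g. `throw "Refusing to load script with unexpected path: " + url;`. The comment should also record that this pattern is the only thing keeping `url` safe inside the unescaped `document.write('<script src="'+url+'"></script>')` on the following line, so quotes and angle brackets must stay excluded if the pattern is ever loosened. The reason for accepting a trailing `#` is not visible in the hunk and deserves a word in the same comment.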