Posted to commits@couchdb.apache.org by rn...@apache.org on 2012/12/19 02:58:32 UTC
[2/10] git commit: Improve script url validation
Improve script url validation
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/c98a4108
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/c98a4108
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/c98a4108
Branch: refs/heads/master
Commit: c98a4108826d613658f2e396e6315770d026d1d2
Parents: a5cabbd
Author: Robert Newson <rn...@apache.org>
Authored: Tue Dec 18 15:11:41 2012 +0000
Committer: Robert Newson <rn...@apache.org>
Committed: Wed Dec 19 01:46:42 2012 +0000
----------------------------------------------------------------------
share/www/script/couch_test_runner.js | 9 +++------
1 files changed, 3 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/c98a4108/share/www/script/couch_test_runner.js
----------------------------------------------------------------------
diff --git a/share/www/script/couch_test_runner.js b/share/www/script/couch_test_runner.js
index b09aeab..c04e6b1 100644
--- a/share/www/script/couch_test_runner.js
+++ b/share/www/script/couch_test_runner.js
@@ -15,12 +15,9 @@
function loadScript(url) {
// disallow loading remote URLs
- if((url.substr(0, 7) == "http://")
- || (url.substr(0, 8) == "https://")
- || (url.substr(0, 2) == "//")
- || (url.substr(0, 5) == "data:")
- || (url.substr(0, 11) == "javascript:")) {
- throw "Not loading remote test scripts";
+ var re = /^[a-z0-9_]+(\/[a-z0-9_]+)*\.js#?$/;
+ if (!re.test(url)) {
+ throw "Not loading remote test scripts";
}
if (typeof document != "undefined") document.write('<script src="'+url+'"></script>');
};
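Review bot: The comment `// disallow loading remote URLs` and the message "Not loading remote test scripts" no longer describe the check at the `re.test(url)` guard. The new pattern is an allowlist that accepts only a relative path of lower-case `[a-z0-9_]` segments ending in `.js`, so it also rejects local names containing upper-case letters, hyphens, extra dots or a leading `/`. I would replace the comment with `// allowlist: relative path of [a-z0-9_] segments ending in .js; this also keeps quotes and angle brackets out of the document.write() string below`, and add a word on why the optional trailing `#` is accepted, which the hunk does not explain. Because `re.test()` coerces its argument to a string and the concatenation on the `document.write` line coerces it again, a type check in the same condition would guarantee that the validated value is the one written: `if (typeof url != "string" || !re.test(url)) {`. Throwing `new Error("Not loading remote test scripts")` rather than a bare string would also give callers a stack trace.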