Improve script url validation
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/c58e2d38 Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/c58e2d38 Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/c58e2d38 Branch: refs/heads/1.3.x Commit: c58e2d38021764a81829cf5a30ad1f66834ef0e7 Parents: 7737b52 Author: Robert Newson <[email protected]> Authored: Tue Dec 18 15:11:41 2012 +0000 Committer: Robert Newson <[email protected]> Committed: Wed Dec 19 01:37:54 2012 +0000 ---------------------------------------------------------------------- share/www/script/couch_test_runner.js | 9 +++------ 1 files changed, 3 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb/blob/c58e2d38/share/www/script/couch_test_runner.js ----------------------------------------------------------------------
diff --git a/share/www/script/couch_test_runner.js b/share/www/script/couch_test_runner.js
index b09aeab..c04e6b1 100644
--- a/share/www/script/couch_test_runner.js
+++ b/share/www/script/couch_test_runner.js
@@ -15,12 +15,9 @@ function loadScript(url) { // disallow loading remote URLs
- if((url.substr(0, 7) == "http://")
- || (url.substr(0, 8) == "https://")
- || (url.substr(0, 2) == "//")
- || (url.substr(0, 5) == "data:")
- || (url.substr(0, 11) == "javascript:")) {
- throw "Not loading remote test scripts";
+ var re = /^[a-z0-9_]+(\/[a-z0-9_]+)*\.js#?$/;
+ if (!re.test(url)) {
+ throw "Not loading remote test scripts";
 }
 if (typeof document != "undefined") document.write('<script src="'+url+'"></script>');
 };
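Review bot: The comment `// disallow loading remote URLs` and the message `"Not loading remote test scripts"` at the top of loadScript no longer describe the check, which is now an allowlist that also rejects local names containing uppercase letters, hyphens, `..` or any extension other than `.js`. I would reword the comment along the lines of `// allow only relative lowercase paths such as dir/name.js; everything else is rejected`, and state why the optional trailing `#` in `#?$` is accepted, since nothing in the hunk explains it. The same comment should record that this pattern is the only thing keeping quotes and angle brackets out of `url` before it is concatenated into the `document.write('<script src="'+url+'"></script>')` markup, so that a later loosening of the character class is reviewed with that in mind.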
