mirror/webgui
1
0
Fork 0
mirror of https://github.com/unraid/webgui.git synced 2026-01-06 09:39:58 -06:00
Code Issues Packages Projects Releases Wiki Activity

fix: blob links shouldn't be external

Browse Source
This commit is contained in:
Eli Bosley
2025-05-22 13:14:04 -04:00
parent 89b3ac1275
commit 1afb7d86d1
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
emhttp/plugins/dynamix/include/DefaultPageLayout/BodyInlineJS.php
View File

@@ -335,14 +335,14 @@ $('body').on('click','a,.ca_href', function(e) {
href = href.trim();
// Sanitize href to prevent XSS
href = href.replace(/[<>"]/g, '');
if (href.match('https?://[^\.]*.(my)?unraid.net/') || href.indexOf('https://unraid.net/') == 0 || href == 'https://unraid.net' || href.indexOf('http://lime-technology.com') == 0) {
if (href.match('https?://[^\.]*.(my)?unraid.net/') || href.startsWith('https://unraid.net/') || href == 'https://unraid.net' || href.startsWith('http://lime-technology.com')) {
if (ca_href) window.open(href,target);
return;
}
if (href !== '#' && href.indexOf('javascript') !== 0) {
if (href !== '#' && !href.startsWith('javascript') && !href.startsWith('blob:')) {
var dom = isValidURL(href);
if (dom == false) {
if (href.indexOf('/') == 0) return; // all internal links start with "/"
if (href.startsWith('/')) return; // all internal links start with "/"
var baseURLpage = href.split('/');
if (gui_pages_available.includes(baseURLpage[0])) return;
}