disallow url()

justcool393 2023-02-25 15:51:30 -06:00 committed by Ben Rog-Wilhelm
parent 71406da834
commit e61e35226d
3 changed files with 16 additions and 12 deletions


@ -270,23 +270,12 @@ approved_embed_hosts = [
]
hosts = "|".join(approved_embed_hosts).replace('.','\\.')
image_check_regex = re.compile(f'!\\[\\]\\(((?!(https:\\/\\/([a-z0-9-]+\\.)*({hosts})\\/|\\/)).*?)\\)', flags=re.A)
embed_fullmatch_regex = re.compile(f'https:\\/\\/([a-z0-9-]+\\.)*({hosts})\\/[\\w:~,()\\-.#&\\/=?@%;+]*', flags=re.A)
video_sub_regex = re.compile(f'(<p>[^<]*)(https:\\/\\/([a-z0-9-]+\\.)*({hosts})\\/[\\w:~,()\\-.#&\\/=?@%;+]*?\\.(mp4|webm|mov))', flags=re.A)
youtube_regex = re.compile('(<p>[^<]*)(https:\\/\\/youtube\\.com\\/watch\\?v\\=([a-z0-9-_]{5,20})[\\w\\-.#&/=\\?@%+]*)', flags=re.I|re.A)
yt_id_regex = re.compile('[a-z0-9-_]{5,20}', flags=re.I|re.A)
image_regex = re.compile("(^|\\s)(https:\\/\\/[\\w\\-.#&/=\\?@%;+]{5,250}(\\.png|\\.jpg|\\.jpeg|\\.gif|\\.webp|maxwidth=9999|fidelity=high))($|\\s)", flags=re.I|re.A)
procoins_li = (0,2500,5000,10000,25000,50000,125000,250000)
linefeeds_regex = re.compile("([^\\n])\\n([^\\n])", flags=re.A)
html_title_regex = re.compile("<title>(.{1,200})</title>", flags=re.I)
from files.helpers.regex import *
def make_name(*args, **kwargs): return request.base_url
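Review bot: The `from files.helpers.regex import *` in this hunk, repeated in the import hunk of the file that defines `validate_css`, is a wildcard import from a module that shows no `__all__` in the lines visible on this page. It therefore also pulls in `re` and any name later added to `files/helpers/regex.py`, and can silently rebind a constant of the same name defined above it in this module. Listing the names keeps the dependency reviewable: `from files.helpers.regex import youtube_regex, yt_id_regex, image_regex, linefeeds_regex, html_title_regex`. A short comment saying why the import sits below the constants rather than at the top of the file would also help the next reader.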

13
files/helpers/regex.py Normal file

@ -0,0 +1,13 @@
import re
youtube_regex = re.compile('(<p>[^<]*)(https:\\/\\/youtube\\.com\\/watch\\?v\\=([a-z0-9-_]{5,20})[\\w\\-.#&/=\\?@%+]*)', flags=re.I|re.A)
yt_id_regex = re.compile('[a-z0-9-_]{5,20}', flags=re.I|re.A)
image_regex = re.compile("(^|\\s)(https:\\/\\/[\\w\\-.#&/=\\?@%;+]{5,250}(\\.png|\\.jpg|\\.jpeg|\\.gif|\\.webp|maxwidth=9999|fidelity=high))($|\\s)", flags=re.I|re.A)
linefeeds_regex = re.compile("([^\\n])\\n([^\\n])", flags=re.A)
html_title_regex = re.compile(r"<title>(.{1,200})</title>", flags=re.I)
css_url_regex = re.compile(r'url\(\s*[\'"]?(.*?)[\'"]?\s*\)', flags=re.I|re.A)
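Review bot: `css_url_regex` only matches when the closing `)` sits on the same line as `url(`, because `.*?` does not cross a newline without `re.S`, so the result depends on how the argument is laid out rather than on whether the function is present. The only caller shown on this page calls `.search()` and ignores the capture group, so matching the opening token alone is stricter and simpler: `css_url_regex = re.compile(r'url\(', flags=re.I|re.A)`. A comment above it such as `# any CSS url() function, quoted or not; validate_css rejects user CSS that contains one` would mark the pattern as a security check rather than a parser.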


@ -13,6 +13,7 @@ from random import random, choice
import gevent
import time
import requests
from files.helpers.regex import *
from files.__main__ import app
TLDS = ('ac','ad','ae','aero','af','ag','ai','al','am','an','ao','aq','ar',
@ -378,4 +379,5 @@ def validate_css(css:str) -> tuple[bool, str]:
'''
if '</style' in css.lower(): return False, "Invalid CSS"
if '@import' in css.lower(): return False, "@import statements are not allowed"
if css_url_regex.search(css): return False, "External URL imports are not allowed"
return True, ""
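Review bot: The checks in `validate_css`, including the new `css_url_regex.search(css)` line, test the raw text, while a browser's CSS tokenizer decodes backslash escapes in function names and at-keywords before deciding what is a `url()` or an `@import`. The string that is validated is therefore not necessarily the string that is interpreted. Rejecting escapes before the other checks closes that gap, e.g. `if '\\' in css: return False, "Backslash escapes are not allowed"`, and a Content-Security-Policy on the pages that render user CSS would still refuse external fetches if a rule slips through. The message `"External URL imports are not allowed"` is narrower than the check, which rejects every `url()` including relative and `data:` ones; `"url() is not allowed"` would describe it accurately. The signature and docstring of `validate_css` start outside this hunk, so whether the docstring already lists the rejected constructs cannot be seen here.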