Improve script url validation
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/8cb48783 Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/8cb48783 Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/8cb48783 Branch: refs/heads/1.1.x Commit: 8cb48783be7c570314aa616af94720efd06fd22b Parents: 731aa6b Author: Robert Newson <[email protected]> Authored: Tue Dec 18 15:11:41 2012 +0000 Committer: Robert Newson <[email protected]> Committed: Wed Dec 19 01:23:20 2012 +0000 ---------------------------------------------------------------------- share/www/script/couch_test_runner.js | 8 +++----- 1 files changed, 3 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb/blob/8cb48783/share/www/script/couch_test_runner.js ---------------------------------------------------------------------- diff --git a/share/www/script/couch_test_runner.js b/share/www/script/couch_test_runner.js index e14640b..f451602 100644 --- a/share/www/script/couch_test_runner.js +++ b/share/www/script/couch_test_runner.js @@ -15,11 +15,9 @@ function loadScript(url) { // disallow loading remote URLs - if((url.substr(0, 7) == "http://") - || (url.substr(0, 2) == "//") - || (url.substr(0, 5) == "data:") - || (url.substr(0, 11) == "javascript:")) { - throw "Not loading remote test scripts"; + var re = /^[a-z0-9_]+(\/[a-z0-9_]+)*\.js#?$/; + if (!re.test(url)) { + throw "Not loading remote test scripts"; } if (typeof document != "undefined") document.write('<script src="'+url+'"></script>'); };
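Review bot: The allowlist regex added in loadScript is now the only thing that makes `url` safe to concatenate into `document.write('<script src="'+url+'"></script>')` a few lines further down, yet the retained comment `// disallow loading remote URLs` and the message `"Not loading remote test scripts"` still describe the old prefix blocklist. I would replace the comment with something like `// allowlist: relative path of [a-z0-9_] segments ending in .js; no scheme, no "..", no quotes or angle brackets, so url is safe in the src attribute below`, so that any later loosening of the pattern is reviewed against the markup sink as well. The pattern also rejects uppercase letters and hyphens and accepts a single trailing `#`; if both are intended, the same comment should say why, since neither is obvious from the hunk. The message would be more accurate as a fixed string such as `"Refusing to load script: path is not in the allowed form"`, provided no caller matches on the current text.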
