parser: make it clearer that we mark HTTP-like URLs always as safe

We should make this controllable by the user for images; while modern
browsers are quite safe w.r.t. not transmitting too much info on cross
origin requests, it still might be nicer if they have some control
over this.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht 2023-10-03 08:44:02 +02:00
parent e21d3a40ad
commit 9ef8030535


@ -34,8 +34,8 @@ Ext.define('Proxmox.Markdown', {
let safeURL = false;
try {
let url = new URL(value, window.location.origin);
safeURL = _isHTTPLike(url.protocol);
if (
_isHTTPLike(url.protocol) ||
canonicalTagName === 'a' ||
(canonicalTagName === 'img' && url.protocol.toLowerCase() === 'data:')
) {
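Review bot: In the condition, `canonicalTagName === 'a'` is OR'ed in with no check on `url.protocol`, so for anchors every scheme that `new URL()` parses passes this test, not only the HTTP-like ones. Constrain that branch to an explicit scheme allowlist, or drop it if `safeURL = _isHTTPLike(url.protocol)` is meant to cover links. The `img` branch likewise accepts any `data:` URL without looking at the media type; requiring a `data:image/` prefix on `value` would be tighter. The +/- markers are missing from this rendering, so if `_isHTTPLike(url.protocol)` remains both in the assignment and inside the `if`, the second call is redundant and can go. A short code comment stating that HTTP-like URLs are always marked safe, and that user control for images is still to come, would put the intent from the commit message next to the code.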