diff options
| author | Jan Lehnardt <jan@apache.org> | 2010-11-02 22:16:54 +0000 |
|---|---|---|
| committer | Jan Lehnardt <jan@apache.org> | 2010-11-02 22:16:54 +0000 |
| commit | 4e244a75bf6b352c94a21a131b1ecdcb74e6d3e3 (patch) | |
| tree | 63a24d7d9e3d1bcba17160a022c616fd8682a1cf /share/www/script/couch_test_runner.js | |
| parent | 51741863f99edb5bd21e9991aff5d4d718ba4b50 (diff) | |
Escape URL and cookie input.
git-svn-id: https://svn.apache.org/repos/asf/couchdb/branches/1.0.x@1030262 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'share/www/script/couch_test_runner.js')
| -rw-r--r-- | share/www/script/couch_test_runner.js | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/share/www/script/couch_test_runner.js b/share/www/script/couch_test_runner.js index 451a454a..fbffbbb6 100644 --- a/share/www/script/couch_test_runner.js +++ b/share/www/script/couch_test_runner.js @@ -14,6 +14,13 @@ function loadScript(url) { + // disallow loading remote URLs + if((url.substr(0, 7) == "http://") + || (url.substr(0, 2) == "//") + || (url.substr(0, 5) == "data:") + || (url.substr(0, 11) == "javsacript:")) { + throw "Not loading remote test scripts"; + } if (typeof document != "undefined") document.write('<script src="'+url+'"></script>'); }; |