From 871e2617e32fb305b9a4e16e560e270a7ef84ffc Mon Sep 17 00:00:00 2001
From: Jan Lehnardt
Date: Tue, 2 Nov 2010 22:16:18 +0000
Subject: Escape URL and cookie input.

git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@1030261 13f79535-47bb-0310-9956-ffa450edef68
---
share/www/script/couch_test_runner.js | 7 +++++++
1 file changed, 7 insertions(+)
(limited to 'share/www/script/couch_test_runner.js')

diff --git a/share/www/script/couch_test_runner.js b/share/www/script/couch_test_runner.js
index 2eab9c16..56787e9a 100644
--- a/share/www/script/couch_test_runner.js
+++ b/share/www/script/couch_test_runner.js
@@ -14,6 +14,13 @@ function loadScript(url) {
+ // disallow loading remote URLs
+ if((url.substr(0, 7) == "http://")
+ || (url.substr(0, 2) == "//")
+ || (url.substr(0, 5) == "data:")
+ || (url.substr(0, 11) == "javsacript:")) {
+ throw "Not loading remote test scripts";
+ }
 if (typeof document != "undefined") document.write('');
 };
-- 
cgit v1.2.3
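Review bot: The prefix denylist added at the top of loadScript does not cover what its comment promises: `"javsacript:"` is misspelled, so a `javascript:` URL never matches, and `https://`, other schemes and mixed-case variants such as `HTTP://` also pass the checks. Rejecting every absolute or protocol-relative URL is sturdier than listing schemes, for example `if (/^\s*([a-z][a-z0-9+.-]*:|[\/\\]{2})/i.test(url)) { throw new Error("Not loading remote test scripts"); }`, which also throws an Error rather than a bare string so the stack trace is kept. The `document.write` argument is not legible on this page, so whether `url` is escaped before it is written into markup, as the subject line suggests, should be confirmed separately.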