
security fix: opensubs

- xss protection for all srt files
- use ssl with opensubs

s
vankasteelj committed Feb 9, 2017
1 parent d7a865c commit 0ab1938a69f4277ea9a36b08b8b1b06cd987759c
Showing with 4 additions and 1 deletion.
  1. +2 −1 src/app/lib/providers/opensubtitles.js
  2. +2 −0 src/app/lib/vendor/videojshooks.js
@@ -7,7 +7,8 @@
openSRT = new OS({
useragent: Settings.opensubtitles.useragent + ' v' + (Settings.version || 1),
username: Settings.opensubtitlesUsername,
password: Settings.opensubtitlesPassword
password: Settings.opensubtitlesPassword,
ssl: true
});
};
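Review bot: The new `ssl: true` option carries no comment explaining why it is forced, although this constructor also receives `Settings.opensubtitlesUsername` and `Settings.opensubtitlesPassword`, which presumably travel over the same connection. I would write it as `ssl: true // account credentials go through this client: keep TLS on, do not expose as a setting` so a later refactor does not make it optional. Two things are not visible in this hunk and are worth confirming: that the client library validates the server certificate when `ssl` is set, and that the subtitle files it links to are also downloaded over HTTPS. The enclosing function starts above the hunk.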

@@ -284,6 +284,8 @@ vjs.TextTrack.prototype.load = function () {
.replace(/(- |==|sync).*[\s\S].*[\s\S].*[\s\S].*[\s\S].*\.(com|org|net|edu)/ig, '') // various teams
.replace(/[^0-9][\s\S][^0-9\W].*[\s\S].*[\s\S].*opensubtitles.*/ig, ''); // opensubs "contact us" ads

strings = Common.sanitize(strings); // xss-style attacks
strings = strings.replace(/--\&gt\;/g, '-->'); // restore srt format
callback(strings);
};
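Review bot: The restore step `strings.replace(/--\&gt\;/g, '-->')` un-escapes every `--&gt;` in the file, not only the ones on SRT timing lines, so a `>` that came from cue text is turned back into raw markup after `Common.sanitize` has run. Anchoring the restore to the timing line keeps the sanitizer's output intact everywhere else, for example `strings = strings.replace(/^(\d+:\d{2}:\d{2}[,.]\d{3}) --&gt; (?=\d+:\d{2}:\d{2}[,.]\d{3})/gm, '$1 --> ');`. `Common.sanitize` is defined outside this hunk, so what it escapes is assumed here, including whether legitimate SRT tags such as `<i>` survive; a short comment naming the sink the sanitized text ends up in would help. The body of `vjs.TextTrack.prototype.load` starts above the hunk.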
