Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Improve script url validation

  • Loading branch information...
commit 736528b7c33e118b76be8fcaba830ce6ed90e339 1 parent 65e67cd
@rnewson rnewson authored benoitc committed
Showing with 3 additions and 6 deletions.
  1. +3 −6 apps/couch_httpd/share/www/script/couch_test_runner.js
View
9 apps/couch_httpd/share/www/script/couch_test_runner.js
@@ -15,12 +15,9 @@
function loadScript(url) {
// disallow loading remote URLs
- if((url.substr(0, 7) == "http://")
- || (url.substr(0, 8) == "https://")
- || (url.substr(0, 2) == "//")
- || (url.substr(0, 5) == "data:")
- || (url.substr(0, 11) == "javascript:")) {
- throw "Not loading remote test scripts";
+ var re = /^[a-z0-9_]+(\/[a-z0-9_]+)*\.js#?$/;
+ if (!re.test(url)) {
+ throw "Not loading remote test scripts";
}
if (typeof document != "undefined") document.write('<script src="'+url+'"></script>');
};
Please sign in to comment.
Something went wrong with that request. Please try again.