From: rnewson@apache.org
To: commits@couchdb.apache.org
X-Mailer: ASF-Git Admin Mailer
Subject: [8/10] git commit: Improve script url validation
Message-Id: <20121219015832.2DC6981EBC4@tyr.zones.apache.org>
Date: Wed, 19 Dec 2012 01:58:32 +0000 (UTC)

Improve script url validation

Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/8cb48783
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/8cb48783
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/8cb48783

Branch: refs/heads/1.1.x
Commit: 8cb48783be7c570314aa616af94720efd06fd22b
Parents: 731aa6b
Author: Robert Newson
Authored: Tue Dec 18 15:11:41 2012 +0000
Committer: Robert Newson
Committed: Wed Dec 19 01:23:20 2012 +0000

----------------------------------------------------------------------
share/www/script/couch_test_runner.js | 8 +++-----
1 files changed, 3 insertions(+), 5 deletions(-)
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/couchdb/blob/8cb48783/share/www/script/couch_test_runner.js
----------------------------------------------------------------------
diff --git a/share/www/script/couch_test_runner.js b/share/www/script/couch_test_runner.js index e14640b..f451602 100644 --- a/share/www/script/couch_test_runner.js +++ b/share/www/script/couch_test_runner.js @@ -15,11 +15,9 @@ function loadScript(url) { // disallow loading remote URLs - if((url.substr(0, 7) == "http://") - || (url.substr(0, 2) == "//") - || (url.substr(0, 5) == "data:") - || (url.substr(0, 11) == "javascript:")) { - throw "Not loading remote test scripts"; + var re = /^[a-z0-9_]+(\/[a-z0-9_]+)*\.js#?$/; + if (!re.test(url)) { + throw "Not loading remote test scripts"; } if (typeof document != "undefined") document.write(''); };
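
Review bot: The comment `// disallow loading remote URLs` and the thrown message "Not loading remote test scripts" no longer match what the new check in loadScript does. `/^[a-z0-9_]+(\/[a-z0-9_]+)*\.js#?$/` is an allowlist of relative paths built from lowercase letters, digits and underscores, so it also rejects purely local names that contain an uppercase letter, a hyphen, a dot inside a segment, a leading `/`, `../` or a query string, and those callers will now get an error that blames a remote URL. Suggest rewording both to describe the accepted form (for example "script path must match [a-z0-9_/]+.js") and confirming that every existing loadScript caller passes a name in that form. The trailing `#?` accepts a bare `#` but no fragment text; add a one-line comment saying which caller needs it, or drop it. Moving from a prefix denylist to an anchored allowlist is the right direction, since the removed check had no case for `https://` or for mixed-case schemes.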