Skip to content
Snippets Groups Projects
Commit 62043b0f authored by Brian Warner's avatar Brian Warner
Browse files

strengthen email/URL validation: require the objects to be strings

parent b8601708
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
resources/static/dialog/controllers/dialog.js
+ 2
0
View file @ 62043b0f
...@@ -84,6 +84,8 @@ BrowserID.Modules.Dialog = (function() { ...@@ -84,6 +84,8 @@ BrowserID.Modules.Dialog = (function() {
function fixupURL(origin, url) { function fixupURL(origin, url) {
var u; var u;
if (typeof(url) !== "string")
throw "urls must be strings: (" + url + ")";
if (/^http(s)?:\/\//.test(url)) u = URLParse(url); if (/^http(s)?:\/\//.test(url)) u = URLParse(url);
else if (/^\//.test(url)) u = URLParse(origin + url); else if (/^\//.test(url)) u = URLParse(origin + url);
else throw "relative urls not allowed: (" + url + ")"; else throw "relative urls not allowed: (" + url + ")";
......
resources/static/shared/validation.js
+ 2
0
View file @ 62043b0f
...@@ -7,6 +7,8 @@ BrowserID.Validation = (function() { ...@@ -7,6 +7,8 @@ BrowserID.Validation = (function() {
tooltip = bid.Tooltip; tooltip = bid.Tooltip;
bid.verifyEmail = function(address) { bid.verifyEmail = function(address) {
if (typeof(address) !== "string")
return false;
// Original gotten from http://blog.gerv.net/2011/05/html5_email_address_regexp/ // Original gotten from http://blog.gerv.net/2011/05/html5_email_address_regexp/
// changed the requirement that there must be a ldh-str because BrowserID // changed the requirement that there must be a ldh-str because BrowserID
// is only used on internet based networks. // is only used on internet based networks.
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment