open.source/stylus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sanitize file: URLs in "Find more styles"

Browse Source 
Remove the path from `file:` URLs in "Find more files" to avoid leaking users' file system structure to network. Userstyles will currently redirect to
https://userstyles.org/styles/browse?search_terms=file%3A
This commit is contained in:
hideheader 2015-02-18 16:55:40 -05:00
parent 633b09cfbd
commit ffe689ef72
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
popup.js
View File

@ -5,7 +5,7 @@ var writeStyleTemplate = document.createElement("a");
writeStyleTemplate.className = "write-style-link";
chrome.tabs.getSelected(null, function(tab) {
var urlWillWork = /^(file|http|https|chrome\-extension):.*/.test(tab.url);
var urlWillWork = /^(file|http|https|chrome\-extension):.*/.exec(tab.url);
if (!urlWillWork) {
["installed", "find-styles", "write-style"].forEach(function(id) {
@ -16,7 +16,7 @@ chrome.tabs.getSelected(null, function(tab) {
}
chrome.extension.sendMessage({method: "getStyles", matchUrl: tab.url}, showStyles);
document.querySelector("#find-styles a").href = "https://userstyles.org/styles/browse/all/" + encodeURIComponent(tab.url);
document.querySelector("#find-styles a").href = "https://userstyles.org/styles/browse/all/" + encodeURIComponent("file" === urlWillWork[1] ? "file:" : tab.url);
// Write new style links
var writeStyleLinks = []