fix: xss_filter relative path

F0RE1GNERS · Apr 23, 2017 · 680d60d · 680d60d
1 parent e8c4b30
commit 680d60d
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/utils/xss_filter.py b/utils/xss_filter.py
@@ -41,7 +41,7 @@ class XssHtml(HTMLParser):
         "table": ["border", "cellpadding", "cellspacing"],
     }
 
-    _regex_url = re.compile(r'^(http|https|ftp)://.*', re.I | re.S)
+    _regex_url = re.compile(r'^(((http|https|ftp)://)|/).*', re.I | re.S)
     _regex_style_1 = re.compile(r'(\\|&#|/\*|\*/)', re.I)
     _regex_style_2 = re.compile(r'e.*x.*p.*r.*e.*s.*s.*i.*o.*n', re.I | re.S)
 
@@ -192,6 +192,7 @@ def _htmlspecialchars(self, html):
         <a href='javascript:prompt(1)'><br />hehe</a></div>
         <p id="test" onmouseover="alert(1)" style="expresSion(alert(1))">&gt;M<svg>
         <a href="https://www.baidu.com" target="self">MM</a></p>
-        <embed src='javascript:alert(/hehe/)' allowscriptaccess=always />""")
+        <embed src='javascript:alert(/hehe/)' allowscriptaccess=always />
+        <a href="/problem/">Problems</a>""")
     parser.close()
-    print(parser.getHtml())
+    print(parser.getHtml())