lee/changedetection.io
1
0
Fork 0
mirror of https://github.com/dgtlmoon/changedetection.io.git synced 2025-12-13 19:45:56 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Unify safe URL checking to the one function, strengthen tests and filters (#3564)
Some checks failed
Build and push containers / metadata (push) Has been cancelled
Details
Build and push containers / build-push-containers (push) Has been cancelled
Details
Publish Python 🐍distribution 📦 to PyPI and TestPyPI / Build distribution 📦 (push) Has been cancelled
Details
Publish Python 🐍distribution 📦 to PyPI and TestPyPI / Test the built package works basically. (push) Has been cancelled
Details
Publish Python 🐍distribution 📦 to PyPI and TestPyPI / Publish Python 🐍 distribution 📦 to PyPI (push) Has been cancelled
Details
ChangeDetection.io Container Build Test / Build linux/amd64 (alpine) (push) Has been cancelled
Details
ChangeDetection.io Container Build Test / Build linux/arm64 (alpine) (push) Has been cancelled
Details
ChangeDetection.io Container Build Test / Build linux/amd64 (main) (push) Has been cancelled
Details
ChangeDetection.io Container Build Test / Build linux/arm/v7 (main) (push) Has been cancelled
Details
ChangeDetection.io Container Build Test / Build linux/arm/v8 (main) (push) Has been cancelled
Details
ChangeDetection.io Container Build Test / Build linux/arm64 (main) (push) Has been cancelled
Details
ChangeDetection.io App Test / lint-code (push) Has been cancelled
Details
ChangeDetection.io App Test / test-application-3-10 (push) Has been cancelled
Details
ChangeDetection.io App Test / test-application-3-11 (push) Has been cancelled
Details
ChangeDetection.io App Test / test-application-3-12 (push) Has been cancelled
Details
ChangeDetection.io App Test / test-application-3-13 (push) Has been cancelled
Details

Browse Source
This commit is contained in:
dgtlmoon
2025-10-28 13:24:37 +01:00
committed by GitHub
parent 66aec365c2
commit ab0b85d088
11 changed files with 151 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
changedetectionio/api/Watch.py
View File

@@ -1,14 +1,12 @@
import os
from changedetectionio.strtobool import strtobool
from changedetectionio.html_tools import is_safe_url
from changedetectionio.validate_url import is_safe_valid_url
from flask_expects_json import expects_json
from changedetectionio import queuedWatchMetaData
from changedetectionio import worker_handler
from flask_restful import abort, Resource
from flask import request, make_response, send_from_directory
import validators
from . import auth
import copy
@@ -124,7 +122,7 @@ class Watch(Resource):
return validation_error, 400
# XSS etc protection
if request.json.get('url') and not is_safe_url(request.json.get('url')):
if request.json.get('url') and not is_safe_valid_url(request.json.get('url')):
return "Invalid URL", 400
watch.update(request.json)
@@ -232,9 +230,7 @@ class CreateWatch(Resource):
json_data = request.get_json()
url = json_data['url'].strip()
# If hosts that only contain alphanumerics are allowed ("localhost" for example)
allow_simplehost = not strtobool(os.getenv('BLOCK_SIMPLEHOSTS', 'False'))
if not validators.url(url, simple_host=allow_simplehost):
if not is_safe_valid_url(url):
return "Invalid or unsupported URL", 400
if json_data.get('proxy'):