mirror/zoneminder
1
0
Fork 0
mirror of https://github.com/ZoneMinder/zoneminder.git synced 2026-06-22 20:50:06 -04:00
Code Issues Packages Projects Releases Wiki Activity

Potential fix for pull request finding

Browse Source 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
This commit is contained in:
Isaac Connor
2026-06-16 18:40:55 -04:00
committed by GitHub
parent 38ae51b85b
commit e2ca8ee7bd
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
web/skins/classic/js/skin.js
View File

@@ -101,8 +101,14 @@ window.addEventListener("DOMContentLoaded", function onSkinDCL() {
evt.preventDefault();
// Only navigate to safe schemes; block javascript:/data:/vbscript: URLs
// in href/data-url so a crafted attribute cannot run script on click.
if (url && !/^\s*(javascript|data|vbscript):/i.test(url)) {
window.location.assign(url);
try {
const parsed = new URL(String(url), document.baseURI);
const proto = parsed.protocol.toLowerCase();
if (proto === 'http:' || proto === 'https:') {
window.location.assign(parsed.href);
}
} catch (e) {
// Ignore invalid URLs
}
});
});