storm/bragi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Unescape HTML in URLs parsed from user input

Browse Source 
Escapes tokens like & to &, so GET parameters are correctly preserved.

Fixes: #274
This commit is contained in:
Martin Weinelt
2021-05-16 04:33:16 +02:00
parent f9cc9c7872
commit faddf4c6c2
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
util.py
View File

@ -2,6 +2,7 @@
# coding=utf-8 # coding=utf-8
import hashlib import hashlib
import html
import magic import magic
import os import os
import io import io
@ -311,7 +312,8 @@ def get_url_from_input(string):
match = re.search("(http|https)://(\S*)?/(\S*)", string, flags=re.IGNORECASE) match = re.search("(http|https)://(\S*)?/(\S*)", string, flags=re.IGNORECASE)
if match: if match:
url = match[1].lower() + "://" + match[2].lower() + "/" + match[3] url = match[1].lower() + "://" + match[2].lower() + "/" + match[3]
return url # https://github.com/mumble-voip/mumble/issues/4999
return html.unescape(url)
else: else:
return "" return ""