aiden
/
mastodon
mirror of https://github.com/mastodon/mastodon
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,594 Commits
136 Branches
281 Tags
1.1 GiB
Commit Graph

5 Commits (18fb01ef7ca3829b07bb8ea101bdd073da72cfbc)

Author SHA1 Message Date
David Leadbeater 69378eac99
Don't allow URLs that contain non-normalized paths to be verified () 
* Don't allow URLs that contain non-normalized paths to be verified

This stops things like https://example.com/otheruser/../realuser where
"/otheruser" appears to be the verified URL, but the actual URL being
verified is "/realuser" due to the "/../".

Also fix a test to use 'https', so it is testing the right thing, now
that since  https is required.

* missing do
Emily Strickland 96f51e593f
Guard against error extracting `body` from URL () 
If `Nokogiri::HTML(value).at_xpath('//body')` fails to find the `body` element, it will return `nil`. We can guard against that with an early return. Avoids calling `children` on `Nilclass` in those cases.
Eugen Rochko c6c7c6223d
Change verification to only work for https links () 
Fix
Eugen Rochko 9965a23b04
Change link verification to ignore IDN domains () 
Fix
Eugen Rochko e98833748e
Fix being able to spoof link verification () 
- Change verification to happen in `default` queue
- Change verification worker to only be queued if there's something to do
- Add `link` tags from metadata fields to page header of profiles