dearwolf/aider
1
0
Fork 0
mirror of https://github.com/Aider-AI/aider.git synced 2025-05-30 09:14:59 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

feat: Add URL validation and Content Security Policy to share page

Browse source
This commit is contained in:
Paul Gauthier (aider) 2024-11-18 13:37:02 -08:00
parent 72734de376
commit 3c9c6eef6e
1 changed files with 17 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

18
aider/website/share/index.md
View file

@ -2,6 +2,12 @@
nav_exclude: true nav_exclude: true
--- ---
<meta http-equiv="Content-Security-Policy"
content="default-src 'self';
script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net;
connect-src http: https:;
style-src 'self' 'unsafe-inline';">
# Shared aider chat transcript # Shared aider chat transcript
A user has shared the following transcript of a pair programming chat session A user has shared the following transcript of a pair programming chat session
@ -38,10 +44,20 @@ print("goodbye")
<script src="https://cdn.jsdelivr.net/npm/marked/marked.min.js"></script> <script src="https://cdn.jsdelivr.net/npm/marked/marked.min.js"></script>
<script> <script>
function isValidUrl(url) {
try {
const urlObj = new URL(url);
return urlObj.protocol === 'http:' || urlObj.protocol === 'https:';
} catch {
return false;
}
}
window.onload = function() { window.onload = function() {
var urlParams = new URLSearchParams(window.location.search); var urlParams = new URLSearchParams(window.location.search);
var conv = urlParams.get('mdurl'); var conv = urlParams.get('mdurl');
if (!conv) { if (!conv || !isValidUrl(conv)) {
console.error('Invalid or missing URL');
return; return;
} }
document.getElementById('mdurl').href = conv; document.getElementById('mdurl').href = conv;