alacritty

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README

commit b6a5ba21a130110c47d9dc43b3d6662051ba22b5
parent fbefd804c8785caa058d512a95a8e41a21c69435
Author: Christian Duerr <contact@christianduerr.com>
Date:   Thu,  3 Jan 2019 21:18:26 +0100

Limit number of URL schemes

This limits the number of allowed schemes for the URL launcher, to
reduce the number of false-positives.

The accepted URL schemes are now:
    - http
    - https
    - mailto
    - news
    - file
    - git
    - ssh
    - ftp

This fixes #1727.

Diffstat:
MCHANGELOG.md | 1+
Msrc/term/mod.rs | 9++++++++-
2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md @@ -19,6 +19,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Windows configuration location has been moved from %USERPROFILE%\alacritty.yml to %APPDATA%\alacritty\alacritty.yml - Windows default shell is now PowerShell instead of cmd +- URL schemes have been limited to http, https, mailto, news, file, git, ssh and ftp ### Fixed diff --git a/src/term/mod.rs b/src/term/mod.rs @@ -41,6 +41,7 @@ use self::cell::LineLength; // See https://tools.ietf.org/html/rfc3987#page-13 const URL_SEPARATOR_CHARS: [char; 10] = ['<', '>', '"', ' ', '{', '}', '|', '\\', '^', '`']; const URL_DENY_END_CHARS: [char; 7] = ['.', ',', ';', ':', '?', '!', '/']; +const URL_SCHEMES: [&str; 8] = ["http", "https", "mailto", "news", "file", "git", "ssh", "ftp"]; /// A type that can expand a given point to a region /// @@ -148,7 +149,13 @@ impl Search for Term { // Check if string is valid url match Url::parse(&buf) { - Ok(_) => Some(buf), + Ok(url) => { + if URL_SCHEMES.contains(&url.scheme()) { + Some(buf) + } else { + None + } + } Err(_) => None, } }