Salastil/odysseus
1
0
Fork 0
mirror of https://github.com/pewdiepie-archdaemon/odysseus.git synced 2026-06-17 10:15:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

Constrain signature uploads to PNG data (#2844)

Browse Source
This commit is contained in:
Vykos
2026-06-05 13:17:43 +02:00
committed by GitHub
parent 688194113b
commit 0b0d747f1c
4 changed files with 150 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/test_signature_settings_dom_xss.py
+1 -1
View File
@@ -10,7 +10,7 @@ def test_signature_picker_allows_only_raster_data_urls():
src = (_REPO / "static" / "js" / "signature.js").read_text(encoding="utf-8")
assert "function _safeSignatureDataUrl(raw)" in src
assert r"^data:image\/(?:png|jpe?g);base64," in src
assert r"^data:image\/png;base64," in src
assert '<img src="${_esc(dataUrl)}"/>' in src
assert 'dataUrl: s.data_url' not in src