IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

FIX: Allow Safe Redirections in Topic Embedding

Browse Source
This commit is contained in:
Robin Ward
2016-09-15 13:56:59 -04:00
parent 596fcfeb58
commit cd571b26ba
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/models/topic_embed.rb
View File

@@ -81,7 +81,7 @@ class TopicEmbed < ActiveRecord::Base
embed_classname_whitelist = SiteSetting.embed_classname_whitelist if SiteSetting.embed_classname_whitelist.present?
response = FetchResponse.new
html = open(url).read
html = open(url, allow_redirections: :safe).read
raw_doc = Nokogiri::HTML(html)
auth_element = raw_doc.at('meta[@name="author"]')