prevent Homograph attack using scala-uri punycode
Reported by https://hackerone.com/mik317pull/7412/head
parent
e64022b571
commit
916eb62e2f
|
@ -170,7 +170,7 @@ lazy val mod = module("mod",
|
|||
|
||||
lazy val user = smallModule("user",
|
||||
Seq(common, memo, db, hub, rating, socket),
|
||||
Seq(hasher, specs2, autoconfig) ++ playWs.bundle ++ reactivemongo.bundle ++ macwire.bundle
|
||||
Seq(hasher, specs2, autoconfig, scalaUri) ++ playWs.bundle ++ reactivemongo.bundle ++ macwire.bundle
|
||||
)
|
||||
|
||||
lazy val game = module("game",
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
package lila.user
|
||||
|
||||
import io.lemonlabs.uri.Url
|
||||
|
||||
object Links {
|
||||
|
||||
def make(text: String): List[Link] = text.linesIterator.to(List).map(_.trim).flatMap(toLink)
|
||||
|
@ -10,7 +12,8 @@ object Links {
|
|||
line match {
|
||||
case UrlRegex(domain) =>
|
||||
Link(
|
||||
site = Link.Site.allKnown find (_ matches domain) getOrElse Link.Site.Other(domain),
|
||||
site = Link.Site.allKnown find (_ matches domain) getOrElse
|
||||
Link.Site.Other(Url.parse(domain).toStringPunycode),
|
||||
url = if (line startsWith "http") line else s"https://$line"
|
||||
).some
|
||||
case _ => none
|
||||
|
|
Loading…
Reference in New Issue