tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-27 15:54:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

js: Only load URLs prefixed by the base URL

Browse Source
This commit is contained in:
Johannes Meyer 2025-02-21 16:33:57 +01:00
parent 484bd26d63
commit aad020511f
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
public/js/icinga/loader.js
View File

@ -242,6 +242,10 @@
loadUrl: function (url, $target, data, method, action, autorefresh, progressTimer, extraHeaders) { loadUrl: function (url, $target, data, method, action, autorefresh, progressTimer, extraHeaders) {
var id = null; var id = null;
if (url.startsWith('//') || ! url.startsWith(this.baseUrl + '/')) {
throw new Error('URL ' + url + ' is not relative to ' + this.baseUrl);
}
// Default method is GET // Default method is GET
if ('undefined' === typeof method) { if ('undefined' === typeof method) {
method = 'GET'; method = 'GET';