whoogle-search/app
Ben Busby 3a2e0b262e
Validate urls in `element` and `window` endpoints
Domains were previously not validated before being handled, leading to a
potential scenario where someone could pass something like
"element_url=127.0.0.1:<port>/<resource>" to access other resources on a
machine running Whoogle. This change ensures that the resource used in
both endpoints is a valid domain.

This also includes validation of config names to prevent names from
including path values such as "../../(etc)".
2023-09-13 15:50:04 -06:00
..
models Ensure b64 prefs always have min padding 2023-05-19 11:39:51 -06:00
static Use filtered query for map tab 2023-09-08 16:44:04 -06:00
templates Update handling of custom css (#965) 2023-04-13 14:19:36 -06:00
utils Fix invalid calculator widget path (#1064) 2023-09-13 14:13:21 -06:00
__init__.py Suppress spurious warnings from bs4 2023-03-22 12:29:05 -06:00
__main__.py Swap out Flask's default web server for Waitress (#32) 2020-05-12 17:14:55 -06:00
filter.py Fix: `keep_blank_values = True` to handle blank `q` input (#1052) 2023-08-21 14:53:10 -06:00
request.py Change the consent cookies (#1054) 2023-08-21 14:50:38 -06:00
routes.py Validate urls in `element` and `window` endpoints 2023-09-13 15:50:04 -06:00
version.py Bump version to 0.8.3 2023-08-21 15:06:17 -06:00