Merge "renderer.article: Ignore thumnail if the URL has suspicious characters"

jenkins-bot 2015-03-26 10:33:42 +00:00 committed by Gerrit Code Review
commit 7d21948d1a


@ -249,11 +249,18 @@
var svg = mw.popups.supportsSVG;
if (
!thumbnail || // No thumbnail
// No thumbnail
!thumbnail ||
// Image too small for landscape display
( !tall && thumbnail.width < article.SIZES.landscapeImage.w ) ||
// Image too small for protrait display
( tall && thumbnail.height < article.SIZES.portraitImage.h )
( tall && thumbnail.height < article.SIZES.portraitImage.h ) ||
// These characters in URL that could inject CSS and thus JS
(
thumbnail.source.indexOf( '\\' ) > -1 ||
thumbnail.source.indexOf( '\'' ) > -1 ||
thumbnail.source.indexOf( '\"' ) > -1
)
) {
return $( '<span>' );
}
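Review bot: The added test on `thumbnail.source` is a denylist of three characters (`\`, `'`, `"`), and the hunk does not show how the URL is consumed afterwards. If it is interpolated into a CSS `url(...)` value or a style string, as the comment suggests, other characters such as a closing parenthesis, whitespace or control characters are also syntactically significant there. Checking the URL against an expected scheme and host pattern, or assigning it through a DOM/CSSOM property instead of building a string, would be more robust than enumerating bad characters. The check also dereferences `thumbnail.source` without confirming it is a string, so a preceding `typeof thumbnail.source !== 'string' ||` would reject malformed thumbnail data instead of throwing. The enclosing function starts and ends outside this hunk, so the actual sink should be confirmed before relying on this filter.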