gryf/tuir
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #297 from michael-lazar/secure_urls

Browse Source 
Secure urls before sending to Popen.
This commit is contained in:
Michael Lazar
2016-09-18 14:09:01 -07:00
committed by GitHub
parent 4d2610ef00 ae3a06507e
commit 9d6f45c980
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
rtv/terminal.py
View File

@@ -15,6 +15,8 @@ from contextlib import contextmanager
from tempfile import NamedTemporaryFile from tempfile import NamedTemporaryFile
import six import six
#pylint: disable=import-error
from six.moves.urllib.parse import quote
from kitchen.text.display import textual_width_chop from kitchen.text.display import textual_width_chop
from mailcap_fix import mailcap from mailcap_fix import mailcap
@@ -468,7 +470,12 @@ class Terminal(object):
""" """
if self.display: if self.display:
command = "import webbrowser; webbrowser.open_new_tab('%s')" % url # Note that we need to sanitize the url before inserting it into
# the python code to prevent injection attacks.
command = (
"import webbrowser\n"
"from six.moves.urllib.parse import unquote\n"
"webbrowser.open_new_tab(unquote('%s'))" % quote(url))
args = [sys.executable, '-c', command] args = [sys.executable, '-c', command]
with self.loader('Opening page in a new window'), \ with self.loader('Opening page in a new window'), \
open(os.devnull, 'ab+', 0) as null: open(os.devnull, 'ab+', 0) as null: