lint: ban all dangerous HTML tags
[fdroidserver.git] / fdroidserver / lint.py
index a5ed3637dcf35981463a689390a0612fa72bdb51..b0a5cad76f93f52fb33752519bd98602e5605cf9 100644 (file)
@@ -164,6 +164,10 @@ regex_checks = {
          _("Unnecessary leading space")),
         (re.compile(r'.*\s$'),
          _("Unnecessary trailing space")),
+        (re.compile(r'.*<(applet|base|body|button|embed|form|head|html|iframe|img|input|link|object|picture|script|source|style|svg|video).*', re.IGNORECASE),
+         _("Forbidden HTML tags")),
+        (re.compile(r'''.*\s+src=["']javascript:.*'''),
+         _("Javascript in HTML src attributes")),
     ],
 }
 
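Review bot: The new `src=["']javascript:` rule is case-sensitive while the tag rule directly above it is compiled with re.IGNORECASE, so the two additions disagree on whether attribute and scheme casing matters; `(re.compile(r'''.*\s+src=["']javascript:.*''', re.IGNORECASE),` would make them consistent. The tag rule is a denylist, so any tag not in the alternation (for example `meta`, `frame`, `audio`) passes the lint — presumably acceptable for a linter, but a comment such as `# denylist of HTML tags that can load or execute external content; not exhaustive` above the entry would make that intent explicit. The alternation also has no boundary after the tag name, so it fires on any longer tag name that begins with a listed one; harmless for a lint but worth a word in the same comment. The `regex_checks` dict begins before this hunk.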
@@ -365,10 +369,13 @@ def check_builds(app):
                 yield _("Branch '{branch}' used as commit in build '{versionName}'")\
                     .format(branch=s, versionName=build.versionName)
             for srclib in build.srclibs:
-                ref = srclib.split('@')[1].split('/')[0]
-                if ref.startswith(s):
-                    yield _("Branch '{branch}' used as commit in srclib '{srclib}'")\
-                        .format(branch=s, srclib=srclib)
+                if '@' in srclib:
+                    ref = srclib.split('@')[1].split('/')[0]
+                    if ref.startswith(s):
+                        yield _("Branch '{branch}' used as commit in srclib '{srclib}'")\
+                            .format(branch=s, srclib=srclib)
+                else:
+                    yield _('srclibs missing name and/or @') + ' (srclibs: ' + srclib + ')'
         for key in build.keys():
             if key not in supported_flags:
                 yield _('%s is not an accepted build field') % key
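Review bot: The new `if '@' in srclib:` guard only checks for the separator, but the message it yields in the else branch says "missing name and/or @", so an entry with an empty name such as `@ref` is never reported and still reaches `srclib.split('@')[1]`. Using `str.partition` lets the branch verify both parts with the same amount of code and avoids the second `split`; the rewritten lines are below. `_` is the gettext alias in this module, so the partition result must not be unpacked into a `_` placeholder. `check_builds` starts and ends outside this hunk.
```python
            for srclib in build.srclibs:
                name, sep, rest = srclib.partition('@')
                if name and sep:
                    ref = rest.split('/')[0]
                    if ref.startswith(s):
                        yield _("Branch '{branch}' used as commit in srclib '{srclib}'")\
                            .format(branch=s, srclib=srclib)
                else:
                    yield _('srclibs missing name and/or @') + ' (srclibs: ' + srclib + ')'
        # … unchanged: supported_flags check …
```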