Ticket #8406 (closed enhancement: fixed)
Opened 3 years ago
Last modified 18 months ago
ExternalLinksFilterStrategy should allow Whitelisting
| Reported by: | Sven | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | plugin - spam-filter |
| Component: | plugin/spamfilter | Version: | none |
| Severity: | normal | Keywords: | review |
| Cc: | |||
| Release Notes: | |||
| API Changes: | |||
Description
I'd like to see the external links to allow for some kind of whitelisting.
Currently a link is considered external if its domain differs from the HOST HTTP header in the request.
I'd like to see a setting that allows the admin to define a more relaxed check which allows to include whole domains (*.example.com instead of only trac.example.com), because Links to other parts of that domain should not be considered external.
Attachments
Change History
comment:1 Changed 3 years ago by cboos
- Keywords needinfo added
Changed 3 years ago by Sven
- Attachment Extlinks-with-whitelist.diff added
Patch to extend the extlinks filter with a domain whitelist
comment:2 Changed 3 years ago by Sven
I added a patch to solve this issue. Please review.
comment:3 Changed 3 years ago by Sven
- Keywords needinfo removed
comment:4 Changed 3 years ago by cboos
- Keywords review added
- Milestone set to not applicable
I'm not sure, but wouldn't this:
46 allowed = self.allowed_domains
47 allowed.append(req.get_header('Host'))
48
modify the default list in place? (accumulating the get_header('Host')).
Maybe a copy() is needed, would you care to check that?
Otherwise the patch looks good.
comment:5 Changed 2 years ago by cboos
- Milestone changed from not applicable to spam-filter-plugin
comment:6 Changed 18 months ago by dstoecker
- Resolution set to fixed
- Status changed from new to closed
In r10021.
Patch needed (see TracDev/SubmittingPatches).