wuyuan/Classworks
1
0
Fork 0
mirror of https://github.com/ZeroCatDev/Classworks.git synced 2026-02-04 16:03:10 +00:00
Code Releases Activity

harden background url handling

Browse Source 
Co-authored-by: Sunwuyuan <88357633+Sunwuyuan@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot] 2025-12-29 10:25:15 +00:00
parent 2b411a13ca
commit cdbe06f528
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/pages/index.vue
View File

@ -699,7 +699,7 @@ export default {
backgroundOverlayStyle() { backgroundOverlayStyle() {
if (!this.hasBackgroundImage) return { display: "none" }; if (!this.hasBackgroundImage) return { display: "none" };
const dim = Math.min(Math.max(this.backgroundDimAmount, 0), 100); const dim = Math.min(Math.max(this.backgroundDimAmount, 0), 90);
const overlayBlur = Math.min(Math.max(this.backgroundBlurAmount, 0), 50) / 3; const overlayBlur = Math.min(Math.max(this.backgroundBlurAmount, 0), 50) / 3;
return { return {
backgroundColor: `rgba(0, 0, 0, ${dim / 100})`, backgroundColor: `rgba(0, 0, 0, ${dim / 100})`,
@ -2227,7 +2227,13 @@ export default {
return false; return false;
}, },
sanitizeBackgroundUrl(url) { sanitizeBackgroundUrl(url) {
return url.replace(/["'()]/g, ""); if (!this.isSafeBackgroundUrl(url)) return "";
try {
const parsed = new URL(url, window.location.origin);
return parsed.href;
} catch (e) {
return url.replace(/["'()\\]/g, "");
}
}, },
safeBase64Decode(base64String) { safeBase64Decode(base64String) {
@ -2442,7 +2448,4 @@ export default {
.home-background { .home-background {
transform: scale(1.02); transform: scale(1.02);
} }
.home-background-overlay {
}
</style> </style>