search

jazzband / django-embed-video

Django app for easy embedding YouTube and Vimeo videos and music from SoundCloud.
http://django-embed-video.rtfd.org
MIT License
383 stars 137 forks source link

Add URLvalidator to validate in admin widget #187

Closed kalzun closed 1 year ago

kalzun commented 1 year ago

This is the same method that was introduced for CVE-2019-12308: AdminURLFieldWidgetXSS. Fixes issue #182

codecov[bot] commented 1 year ago

Codecov Report

Merging #187 (5407768) into master (7fb80a5) will increase coverage by 0.00%. The diff coverage is 100.00%.

@@           Coverage Diff           @@
##           master     #187   +/-   ##
=======================================
  Coverage   98.91%   98.91%           
=======================================
  Files          17       17           
  Lines         643      647    +4     
  Branches       70       70           
=======================================
+ Hits          636      640    +4     
  Misses          4        4           
  Partials        3        3
Impacted Files Coverage Δ
embed_video/admin.py 100.00% <100.00%> (ø)
embed_video/templatetags/embed_video_tags.py 100.00% <100.00%> (ø)

:mega: We’re building smart automated test selection to slash your CI/CD build times. Learn more

aleksihakli commented 1 year ago

Tests are failing for some reason, can not merge the PR before they all pass due to project configuration.

kalzun commented 1 year ago

Yes, I see that, but as far as I can see, these tests fail regardless of this PR. Currently I do not have complete overview on how the exceptions are handled in the project, so I do not have an immediate fix for these.

aleksihakli commented 1 year ago

Thanks, LGTM!

aleksihakli commented 1 year ago

Released in 1.4.7 @kalzun