fix security issue OWASP-BLT#1315
JisanAR03 committed Nov 11, 2023
1 parent 0de510a commit 4d1a278
Showing 1 changed file with 6 additions and 3 deletions.
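--- a/website/views.py
+++ b/website/views.py
@@ -814,9 +814,12 @@ def post(self, request, *args, **kwargs):
 if email:
 domain = email.split("@")[-1]
 try:
-ret = urllib.request.urlopen("http://" + domain + "/favicon.ico")
-if ret.code == 200:
-exists = "exists"
+full_url_domain = "https://" + domain + "/favicon.ico"
+if is_valid_https_url(full_url_domain):
+safe_url = rebuild_safe_url(full_url_domain)
+response = requests.get(safe_url, timeout=5)
+if response.status_code == 200:
+exists = "exists"
 except:
 pass
 context = {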
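Review bot: The new `requests.get(safe_url, timeout=5)` call still follows redirects by default, so the validation applied to the first URL does not cover wherever a host taken from the user-supplied email domain redirects to; I would change it to `response = requests.get(safe_url, timeout=5, allow_redirects=False)`. `is_valid_https_url` and `rebuild_safe_url` are defined outside this hunk, so it is not visible whether they resolve the hostname and reject loopback, private and link-local addresses; if they only check scheme and syntax, that check is still missing. The bare `except:` / `pass` kept around the block also hides validation and connection failures, and narrowing it to `except requests.RequestException:` would keep the best-effort lookup, provided the two helpers do not raise on bad input. The enclosing `post` method starts and ends outside the hunk.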
