Software / code / prosody
Annotate
util/hex.lua @ 13854:0b01f40df0f9 13.0
mod_http_file_share: Add media-src 'self' to Content-Security-Policy header
This allows certain media files to be loaded when navigated to directly in a
web browser.
Note that in some browsers (Chrome), the media gets transformed
internally into a HTML page with some basic styles, but these are blocked due
to our default-src policy of 'none' Although this could be unblocked with
style-src unsafe-inline, it is not our plan to fix this, because this would
have negative security implications.
The reason for our CSP is to prevent the file share service from being used to
host malicious HTML/CSS/JS. Yes, CSS can be malicious.
Our file share service is for uploading and downloading files, it is not a
substitute for website/content hosting.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Fri, 18 Apr 2025 12:25:06 +0100 |
| parent | 12355:a0ff5c438e9d |
| rev | line source |
|---|---|
|
6375
76d8907d5301
util.hex: Small util lib for converting to/from hex strings
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 local s_char = string.char; |
|
6545
ec566d7cd518
util.hex: Pedantic optimization, 1 table lookup per byte instead of 3 function calls makes it go faster
Kim Alvefur <zash@zash.se>
parents:
6384
diff
changeset
|
2 local s_format = string.format; |
|
ec566d7cd518
util.hex: Pedantic optimization, 1 table lookup per byte instead of 3 function calls makes it go faster
Kim Alvefur <zash@zash.se>
parents:
6384
diff
changeset
|
3 local s_gsub = string.gsub; |
|
6802
442019e955dc
util.hex: Normalize hex to lowercase and discard non-hex input
Kim Alvefur <zash@zash.se>
parents:
6545
diff
changeset
|
4 local s_lower = string.lower; |
|
6545
ec566d7cd518
util.hex: Pedantic optimization, 1 table lookup per byte instead of 3 function calls makes it go faster
Kim Alvefur <zash@zash.se>
parents:
6384
diff
changeset
|
5 |
|
ec566d7cd518
util.hex: Pedantic optimization, 1 table lookup per byte instead of 3 function calls makes it go faster
Kim Alvefur <zash@zash.se>
parents:
6384
diff
changeset
|
6 local char_to_hex = {}; |
|
ec566d7cd518
util.hex: Pedantic optimization, 1 table lookup per byte instead of 3 function calls makes it go faster
Kim Alvefur <zash@zash.se>
parents:
6384
diff
changeset
|
7 local hex_to_char = {}; |
|
6375
76d8907d5301
util.hex: Small util lib for converting to/from hex strings
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 |
|
6545
ec566d7cd518
util.hex: Pedantic optimization, 1 table lookup per byte instead of 3 function calls makes it go faster
Kim Alvefur <zash@zash.se>
parents:
6384
diff
changeset
|
9 do |
|
ec566d7cd518
util.hex: Pedantic optimization, 1 table lookup per byte instead of 3 function calls makes it go faster
Kim Alvefur <zash@zash.se>
parents:
6384
diff
changeset
|
10 local char, hex; |
|
ec566d7cd518
util.hex: Pedantic optimization, 1 table lookup per byte instead of 3 function calls makes it go faster
Kim Alvefur <zash@zash.se>
parents:
6384
diff
changeset
|
11 for i = 0,255 do |
|
ec566d7cd518
util.hex: Pedantic optimization, 1 table lookup per byte instead of 3 function calls makes it go faster
Kim Alvefur <zash@zash.se>
parents:
6384
diff
changeset
|
12 char, hex = s_char(i), s_format("%02x", i); |
|
ec566d7cd518
util.hex: Pedantic optimization, 1 table lookup per byte instead of 3 function calls makes it go faster
Kim Alvefur <zash@zash.se>
parents:
6384
diff
changeset
|
13 char_to_hex[char] = hex; |
|
ec566d7cd518
util.hex: Pedantic optimization, 1 table lookup per byte instead of 3 function calls makes it go faster
Kim Alvefur <zash@zash.se>
parents:
6384
diff
changeset
|
14 hex_to_char[hex] = char; |
|
ec566d7cd518
util.hex: Pedantic optimization, 1 table lookup per byte instead of 3 function calls makes it go faster
Kim Alvefur <zash@zash.se>
parents:
6384
diff
changeset
|
15 end |
|
6375
76d8907d5301
util.hex: Small util lib for converting to/from hex strings
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 end |
|
76d8907d5301
util.hex: Small util lib for converting to/from hex strings
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 |
| 6384 | 18 local function to(s) |
|
6545
ec566d7cd518
util.hex: Pedantic optimization, 1 table lookup per byte instead of 3 function calls makes it go faster
Kim Alvefur <zash@zash.se>
parents:
6384
diff
changeset
|
19 return (s_gsub(s, ".", char_to_hex)); |
|
6375
76d8907d5301
util.hex: Small util lib for converting to/from hex strings
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 end |
|
76d8907d5301
util.hex: Small util lib for converting to/from hex strings
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 |
| 6384 | 22 local function from(s) |
|
6802
442019e955dc
util.hex: Normalize hex to lowercase and discard non-hex input
Kim Alvefur <zash@zash.se>
parents:
6545
diff
changeset
|
23 return (s_gsub(s_lower(s), "%X*(%x%x)%X*", hex_to_char)); |
|
6375
76d8907d5301
util.hex: Small util lib for converting to/from hex strings
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 end |
|
76d8907d5301
util.hex: Small util lib for converting to/from hex strings
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 |
|
12355
a0ff5c438e9d
util.hex: Deprecate to/from in favour of encode/decode, for consistency!
Matthew Wild <mwild1@gmail.com>
parents:
6802
diff
changeset
|
26 return { |
|
a0ff5c438e9d
util.hex: Deprecate to/from in favour of encode/decode, for consistency!
Matthew Wild <mwild1@gmail.com>
parents:
6802
diff
changeset
|
27 encode = to, decode = from; |
|
a0ff5c438e9d
util.hex: Deprecate to/from in favour of encode/decode, for consistency!
Matthew Wild <mwild1@gmail.com>
parents:
6802
diff
changeset
|
28 -- COMPAT w/pre-0.12: |
|
a0ff5c438e9d
util.hex: Deprecate to/from in favour of encode/decode, for consistency!
Matthew Wild <mwild1@gmail.com>
parents:
6802
diff
changeset
|
29 to = to, from = from; |
|
a0ff5c438e9d
util.hex: Deprecate to/from in favour of encode/decode, for consistency!
Matthew Wild <mwild1@gmail.com>
parents:
6802
diff
changeset
|
30 }; |
