diff options
| author | George Brooke <figgyc@figgyc.uk> | 2022-03-02 17:03:51 +0000 |
|---|---|---|
| committer | avih <avih@users.noreply.github.com> | 2022-03-02 20:59:33 +0200 |
| commit | 1a3e85ec3304c849fdc50a8cfbbfaf9a66ebf590 (patch) | |
| tree | 2043b76cd7a2e77bb15460472935a830eb2ad4e5 /version.py | |
| parent | b1fb4b783bd604ffb763e88a7cee2ad9d9c2c209 (diff) | |
| download | mpv-1a3e85ec3304c849fdc50a8cfbbfaf9a66ebf590.tar.bz2 mpv-1a3e85ec3304c849fdc50a8cfbbfaf9a66ebf590.tar.xz | |
ytdl_hook: fix url_is_safe to match URL protocols properly
Some youtube_dl extractors retrieve URLs which contain other URLs
inside of them, for example Funimation, like this:
https://example.com/video?parameter=https://example.net/something
The url_is_safe function uses a pattern to match the protocol at the
start of the URL. Before this commit, this pattern was not compliant
with the URL spec (see the definition of "A URL-scheme string"):
https://url.spec.whatwg.org/#url-writing
Therefore it would match any characters, including "://", until the
last occurence of "://" in the string. Thus the above URL would match
https://example.com/video?parameter=https
which is not in safe_protos so the video will not play.
Now the protocol can only start with a letter and only contain
alphanumerics, "." "+" or "-" as the spec says, so it will only match
the first protocol in the URL ("https" in the above example.)
Previously the URL also had to contain "//" after the ":". Data URLs
do not contain "//": https://datatracker.ietf.org/doc/html/rfc2397
so now the pattern does not look for "//", only ":".
Diffstat (limited to 'version.py')
0 files changed, 0 insertions, 0 deletions