Merge pull request #6334 from matrix-org/rav/url_preview_limit_title_2

Fix exception when OpenGraph tag values are ints
pull/6338/head
Richard van der Hoff 2019-11-05 17:28:11 +00:00 committed by GitHub
commit 5570d1c93f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 1 deletions

1
changelog.d/6334.feature Normal file
View File

@ -0,0 +1 @@
Limit the length of data returned by url previews, to prevent DoS attacks.

View File

@ -278,7 +278,8 @@ class PreviewUrlResource(DirectServeResource):
# filter out any stupidly long values
keys_to_remove = []
for k, v in og.items():
if len(k) > OG_TAG_NAME_MAXLEN or len(v) > OG_TAG_VALUE_MAXLEN:
# values can be numeric as well as strings, hence the cast to str
if len(k) > OG_TAG_NAME_MAXLEN or len(str(v)) > OG_TAG_VALUE_MAXLEN:
logger.warning(
"Pruning overlong tag %s from OG data", k[:OG_TAG_NAME_MAXLEN]
)