From fb5dbfc52a2fcc5ebee3da39d43f13f4533e220a Mon Sep 17 00:00:00 2001 From: Kasen IO Date: Sun, 5 Jan 2020 23:32:28 -0500 Subject: [PATCH] Disable whitelist on entity_server scripts. --- libraries/script-engine/src/ScriptEngine.cpp | 24 ++++++++++++-------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/libraries/script-engine/src/ScriptEngine.cpp b/libraries/script-engine/src/ScriptEngine.cpp index 482bde9fd4..6a6b1e8417 100644 --- a/libraries/script-engine/src/ScriptEngine.cpp +++ b/libraries/script-engine/src/ScriptEngine.cpp @@ -2377,15 +2377,21 @@ void ScriptEngine::entityScriptContentAvailable(const EntityItemID& entityID, co // END PULL SAFEURLS FROM INTERFACE.JSON Settings bool isInWhitelist = false; // assume unsafe - for (const auto& str : safeURLS) { - qCDebug(scriptengine) << whitelistPrefix << "Script URL: " << scriptOrURL << "TESTING AGAINST" << str << "RESULTS IN" - << scriptOrURL.startsWith(str); - if (!str.isEmpty() && scriptOrURL.startsWith(str)) { - isInWhitelist = true; - qCDebug(scriptengine) << whitelistPrefix << "Script approved."; - break; // bail early since we found a match - } - } + + if(ScriptEngine::getContext() == "entity_server") { + isInWhitelist = true; + } else { + for (const auto& str : safeURLS) { + qCDebug(scriptengine) << whitelistPrefix << "Script URL: " << scriptOrURL << "TESTING AGAINST" << str << "RESULTS IN" + << scriptOrURL.startsWith(str); + if (!str.isEmpty() && scriptOrURL.startsWith(str)) { + isInWhitelist = true; + qCDebug(scriptengine) << whitelistPrefix << "Script approved."; + break; // bail early since we found a match + } + } + } + if (!isInWhitelist) { qCDebug(scriptengine) << whitelistPrefix << "(disabled entity script)" << entityID.toString() << scriptOrURL; exception = makeError("UNSAFE_ENTITY_SCRIPTS == 0");