Mercurial > prosody-modules
view mod_filter_words/mod_filter_words.lua @ 5404:1087f697c3f3
mod_http_oauth2: Strip unknown extra fields from client registration
We shouldn't sign things we don't understand!
RFC 7591 section-2 states:
> The authorization server MUST ignore any client metadata sent by the
> client that it does not understand (for instance, by silently removing
> unknown metadata from the client's registration record during
> processing).
Prevents grandfathering in of unvalidated data that might become used
later, especially since the 'additionalProperties' schema keyword was
removed in 698fef74ce53
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 02 May 2023 16:23:40 +0200 |
parents | 677fc0203da0 |
children |
line wrap: on
line source
local filters = require "util.filters"; local replacements = module:get_option("filter_words", {}); if not replacements then module:log("warn", "No 'filter_words' option set, filters inactive"); return end function filter_stanza(stanza) if stanza.name == "message" then local body = stanza:get_child("body"); if body then body[1] = body[1]:gsub("%a+", replacements); end end return stanza; end function filter_session(session) filters.add_filter(session, "stanzas/in", filter_stanza); end function module.load() if module.reloading then module:log("warn", "RELOADING!!!"); end filters.add_filter_hook(filter_session); end function module.unload() filters.remove_filter_hook(filter_session); end