summaryrefslogtreecommitdiff
path: root/static/js/src/util.js
diff options
context:
space:
mode:
Diffstat (limited to 'static/js/src/util.js')
-rwxr-xr-xstatic/js/src/util.js15
1 files changed, 11 insertions, 4 deletions
diff --git a/static/js/src/util.js b/static/js/src/util.js
index 2a3dc52..69740ff 100755
--- a/static/js/src/util.js
+++ b/static/js/src/util.js
@@ -18,11 +18,18 @@ String.prototype.trim = function(){ return this.replace(/^\s+|\s+$/g,'') }
function normalizeUrl(url) {
if (!url) { return url; }
- var lowerurl = url.toLowerCase();
- if (lowerurl.indexOf('http://') == 0 || lowerurl.indexOf('https://') == 0 || lowerurl.indexOf('ftp://') == 0 || lowerurl.indexOf('//') == 0)
- return url;
+ var trimmed = url.trim();
+ var lowerurl = trimmed.toLowerCase();
+ if (lowerurl.indexOf('//') == 0 || lowerurl.indexOf('https://') == 0 || lowerurl.indexOf('ftp://') == 0)
+ return trimmed;
+ if (lowerurl.indexOf('http://') == 0) {
+ // On HTTPS pages, modern browsers will auto-upgrade or block insecure image loads.
+ // Prefer upgrading ourselves so hotlinked images render when the host supports HTTPS.
+ if (location && location.protocol == 'https:') return 'https://' + trimmed.substr('http://'.length);
+ return trimmed;
+ }
var scheme = (location && location.protocol == 'https:') ? 'https://' : 'http://';
- return scheme + url;
+ return scheme + trimmed;
}
function isCSSPropertySupported(prop){ return prop in document.body.style }
generated by cgit v1.2.3-70-g09d2 (git 2.52.0) at 2026-01-30 23:03:55 +0000