46fb07a
Ensure URLs are URLs not anything else Before this commit users could input anything there, include JS code which would lead to potential XSS exploits. This fixes CVE-2018-1002155 Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>