sanitize input

js/interface.js

@@ -76,11 +76,14 @@ class Settings {
                     placeholder: "URL de l'image",
                     tags: true,
                     createTag: function (params) {
-                        return {
+                        const url = encodeURI(params.term);
-                            id:  $.fn.select2.defaults.defaults.escapeMarkup(params.term),
+                        if (/^(https?:\/\/.*\.(?:png|jpg|jpeg|gif|bmp|webp|svg))$/i.test(url)) {
-                            text: 'Ajouté manuellement',
+                            return {
-                            newTag: true,
+                                id: url,
-                        };
+                                text: 'Source externe',
+                                newTag: true,
+                            };
+                        }
                     },
                 });
                 if (localStorage['skinURL']) {
@@ -91,8 +94,7 @@ class Settings {
                         $('#skinURLSelect').val(localStorage['skinURL']).trigger('change');
                     } else {
                         var option = new Option(
-                            localStorage['skinURL'],
+                            'Source externe',
-                            'Ajouté manuellement',
                             localStorage['skinURL'],
                             true,
                             true,