From cb56a21951921ed02649d0a1f96e681c31d0c771 Mon Sep 17 00:00:00 2001
From: rteusner <ralf.teusner@hpi.de>
Date: Wed, 16 May 2018 14:41:15 +0200
Subject: [PATCH] Update execution.js.erb

---
 app/assets/javascripts/editor/execution.js.erb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/assets/javascripts/editor/execution.js.erb b/app/assets/javascripts/editor/execution.js.erb
index 32035828..a5126462 100644
--- a/app/assets/javascripts/editor/execution.js.erb
+++ b/app/assets/javascripts/editor/execution.js.erb
@@ -4,6 +4,7 @@ CodeOceanEditorWebsocket = {
   createSocketUrl: function(url) {
       var sockURL = new URL(window.location);
       sockURL.pathname = url;
+      // sanitize socket protocol string, strip trailing slash and other malicious chars if they are there
       sockURL.protocol = '<%= DockerClient.config['ws_client_protocol']&.match(/(\w+):*\/*/)&.to_a&.at(1) %>:';
 
       // strip anchor if it is in the url