From 6db9bd08f1a5ccb8c3705f155e2137c215790e88 Mon Sep 17 00:00:00 2001
From: kwaroran <amasio1234@proton.me>
Date: Mon, 28 Apr 2025 16:45:06 +0900
Subject: [PATCH] Add more restrictions

---
 src/ts/process/lua.ts | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/src/ts/process/lua.ts b/src/ts/process/lua.ts
index 623df500..bc737239 100644
--- a/src/ts/process/lua.ts
+++ b/src/ts/process/lua.ts
@@ -236,6 +236,29 @@ export async function runLua(code:string, arg:{
                         }
                     }
 
+                    if(!url.startsWith('https://')){
+                        return {
+                            status: 400,
+                            data: "Only https requests are allowed"
+                        }
+                    }
+
+                    const bannedURL = [
+                        "https://realm.risuai.net",
+                        "https://risuai.net",
+                        "https://risuai.xyz"
+                    ]
+
+                    for(const burl of bannedURL){
+
+                        if(url.startsWith(burl)){
+                            return {
+                                status: 400,
+                                data: "request to " + url + ' is not allowed'
+                            }
+                        }
+                    }
+
                     //browser fetch
                     const d = await fetchNative(url, {
                         method: "GET"