prevent json-ld bombing, turn off browser autocomplete on channel sources creation

Zotlabs/Module/Sources.php

@@ -111,7 +111,7 @@ class Sources extends \Zotlabs\Web\Controller {
 				'$title' => t('New Source'),
 				'$desc' => t('Import all or selected content from the following channel into this channel and distribute it according to your channel settings.'),
 				'$words' => array( 'words', t('Only import content with these words (one per line)'),'',t('Leave blank to import all public content')),
-				'$name' => array( 'name', t('Channel Name'), '', ''),
+				'$name' => array( 'name', t('Channel Name'), '', '', '', 'autocomplete="off"'),
 				'$tags' => array('tags', t('Add the following categories to posts imported from this source (comma separated)'),'',t('Optional')),
 				'$resend' => [ 'resend', t('Resend posts with this channel as author'), 0, t('Copyrights may apply'), [ t('No'), t('Yes') ]],  
 				'$submit' => t('Submit')

include/network.php

@@ -2042,6 +2042,22 @@ function jsonld_document_loader($url) {
 
 	require_once('library/jsonld/jsonld.php');
 
+	$recursion = 0;
+
+	$x = debug_backtrace();
+	if($x) {
+		foreach($x as $n) {
+			if($n['function'] === __FUNCTION__)  {
+				$recursion ++;
+			}
+		}
+	}
+	if($recursion > 5) {
+		logger('jsonld bomb detected at: ' . $url);
+		killme();
+	}
+
+
 	$cachepath = 'store/[data]/ldcache';
 	if(! is_dir($cachepath))
 		os_mkdir($cachepath, STORAGE_DEFAULT_PERMISSIONS, true);

view/tpl/sources_new.tpl

@@ -3,7 +3,7 @@
 
 <div class="descriptive-text">{{$desc}}</div>
 
-<form action="sources" method="post">
+<form action="sources" method="post" autocomplete="off" >
 <input type="hidden" id="id_abook" name="abook" value="{{$abook}}" />
 {{include file="field_input.tpl" field=$name}}
 {{include file="field_input.tpl" field=$tags}}