summaryrefslogtreecommitdiff
path: root/packages/backend/src/misc/verify-field-link.ts
diff options
context:
space:
mode:
authordakkar <dakkar@thenautilus.net>2025-07-28 19:28:01 +0000
committerdakkar <dakkar@thenautilus.net>2025-07-28 19:28:01 +0000
commitce3531ed96da39a4e62cb3651df0b8aee49b912f (patch)
tree4def24de3c615351ba6ab86390029b393a81fa2f /packages/backend/src/misc/verify-field-link.ts
parentmerge: Fix Postgres / TypeORM errors *FOR STABLE* (!1192) (diff)
parentfix DI error in HttpRequestService.ts (diff)
downloadsharkey-ce3531ed96da39a4e62cb3651df0b8aee49b912f.tar.gz
sharkey-ce3531ed96da39a4e62cb3651df0b8aee49b912f.tar.bz2
sharkey-ce3531ed96da39a4e62cb3651df0b8aee49b912f.zip
merge: Improve URL validation *FOR STABLE* (!1191)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/1191 Approved-by: Hazelnoot <acomputerdog@gmail.com>
Diffstat (limited to 'packages/backend/src/misc/verify-field-link.ts')
-rw-r--r--packages/backend/src/misc/verify-field-link.ts3
1 files changed, 2 insertions, 1 deletions
diff --git a/packages/backend/src/misc/verify-field-link.ts b/packages/backend/src/misc/verify-field-link.ts
index 6a3c950059..31a356be37 100644
--- a/packages/backend/src/misc/verify-field-link.ts
+++ b/packages/backend/src/misc/verify-field-link.ts
@@ -10,8 +10,9 @@ type Field = { name: string, value: string };
export async function verifyFieldLinks(fields: Field[], profileUrls: string[], httpRequestService: HttpRequestService): Promise<string[]> {
const verified_links = [];
- for (const field_url of fields.filter(x => URL.canParse(x.value) && ['http:', 'https:'].includes((new URL(x.value).protocol)))) {
+ for (const field_url of fields) {
try {
+ // getHtml validates the input URL, so we can safely pass in untrusted values
const html = await httpRequestService.getHtml(field_url.value);
const doc = cheerio(html);
generated by cgit v1.2.3-freya (git 2.53.0.84.g453e7b744a) at 2026-03-03 02:20:06 +0000