| author | dakkar <dakkar@thenautilus.net> | 2025-07-31 21:53:33 +0000 |
|---|---|---|
| committer | dakkar <dakkar@thenautilus.net> | 2025-07-31 21:53:33 +0000 |
| commit | a2bc6603c244290707a7aadb661833fa74c69460 (patch) | |
| tree | 4def24de3c615351ba6ab86390029b393a81fa2f /packages/backend/src/misc | |
| parent | merge: disable outgoing mastodon quotes *FOR STABLE* (!1169) (diff) | |
| parent | merge: Improve URL validation *FOR STABLE* (!1191) (diff) | |
merge: For 2025.4.4 (!1199)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/1199
Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: Marie <github@yuugi.dev>
Diffstat (limited to 'packages/backend/src/misc')
| -rw-r--r-- | packages/backend/src/misc/captcha-error.ts | 18 | ||||
| -rw-r--r-- | packages/backend/src/misc/render-inline-error.ts | 2 | ||||
| -rw-r--r-- | packages/backend/src/misc/verify-field-link.ts | 7 |
3 files changed, 23 insertions, 4 deletions
diff --git a/packages/backend/src/misc/captcha-error.ts b/packages/backend/src/misc/captcha-error.ts
new file mode 100644
index 0000000000..217018ec68
--- /dev/null
+++ b/packages/backend/src/misc/captcha-error.ts
@@ -0,0 +1,18 @@
+/*
+ * SPDX-FileCopyrightText: syuilo and misskey-project
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+import type { CaptchaErrorCode } from '@/core/CaptchaService.js';
+
+export class CaptchaError extends Error {
+ public readonly code: CaptchaErrorCode;
+ public readonly cause?: unknown;
+
+ constructor(code: CaptchaErrorCode, message: string, cause?: unknown) {
+ super(message, cause ? { cause } : undefined);
+ this.code = code;
+ this.cause = cause;
+ this.name = 'CaptchaError';
+ }
+}
diff --git a/packages/backend/src/misc/render-inline-error.ts b/packages/backend/src/misc/render-inline-error.ts
index 07f9f3068e..886efcb86e 100644
--- a/packages/backend/src/misc/render-inline-error.ts
+++ b/packages/backend/src/misc/render-inline-error.ts
@@ -5,7 +5,7 @@
 import { IdentifiableError } from '@/misc/identifiable-error.js';
 import { StatusError } from '@/misc/status-error.js';
-import { CaptchaError } from '@/core/CaptchaService.js';
+import { CaptchaError } from '@/misc/captcha-error.js';
 export function renderInlineError(err: unknown): string {
 const parts: string[] = [];
diff --git a/packages/backend/src/misc/verify-field-link.ts b/packages/backend/src/misc/verify-field-link.ts
index f9fc352806..31a356be37 100644
--- a/packages/backend/src/misc/verify-field-link.ts
+++ b/packages/backend/src/misc/verify-field-link.ts
@@ -8,17 +8,18 @@ import type { HttpRequestService } from '@/core/HttpRequestService.js';
 type Field = { name: string, value: string };
-export async function verifyFieldLinks(fields: Field[], profile_url: string, httpRequestService: HttpRequestService): Promise<string[]> {
+export async function verifyFieldLinks(fields: Field[], profileUrls: string[], httpRequestService: HttpRequestService): Promise<string[]> {
 const verified_links = [];
- for (const field_url of fields.filter(x => URL.canParse(x.value) && ['http:', 'https:'].includes((new URL(x.value).protocol)))) {
+ for (const field_url of fields) {
 try {
+ // getHtml validates the input URL, so we can safely pass in untrusted values
 const html = await httpRequestService.getHtml(field_url.value);
 const doc = cheerio(html);
 const links = doc('a[rel~="me"][href], link[rel~="me"][href]').toArray();
- const includesProfileLinks = links.some(link => link.attribs.href === profile_url);
+ const includesProfileLinks = links.some(link => profileUrls.includes(link.attribs.href));
 if (includesProfileLinks) {
 verified_links.push(field_url.value);
 } |
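Review bot: The added comment in `verifyFieldLinks` makes `getHtml` the only guard for the untrusted `field_url.value` now that the `URL.canParse` / `http:`/`https:` filter is removed, but that guarantee lives in `HttpRequestService`, which this diff (limited to `packages/backend/src/misc`) does not show. I would state the contract where it is relied on: a TSDoc block on `verifyFieldLinks` saying that `fields` carries untrusted values, that `profileUrls` must contain only the account's own URLs, and that `getHtml` is expected to reject unparseable or non-http(s) input by throwing. The inline comment could then read `// getHtml rejects invalid or non-http(s) URLs by throwing; a rejected field is simply not verified`, if that is what the surrounding `try` does. The `catch` and the function's return are outside the hunk, so how a rejected URL is handled cannot be confirmed from here. A regression test that passes a non-http field value and asserts no request is made would pin the assumption if `getHtml` is later refactored.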