diff options
| author | dakkar <dakkar@thenautilus.net> | 2025-07-28 19:28:01 +0000 |
|---|---|---|
| committer | dakkar <dakkar@thenautilus.net> | 2025-07-28 19:28:01 +0000 |
| commit | ce3531ed96da39a4e62cb3651df0b8aee49b912f (patch) | |
| tree | 4def24de3c615351ba6ab86390029b393a81fa2f /packages/backend/src/misc | |
| parent | merge: Fix Postgres / TypeORM errors *FOR STABLE* (!1192) (diff) | |
| parent | fix DI error in HttpRequestService.ts (diff) | |
| download | sharkey-ce3531ed96da39a4e62cb3651df0b8aee49b912f.tar.gz sharkey-ce3531ed96da39a4e62cb3651df0b8aee49b912f.tar.bz2 sharkey-ce3531ed96da39a4e62cb3651df0b8aee49b912f.zip | |
merge: Improve URL validation *FOR STABLE* (!1191)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/1191
Approved-by: Hazelnoot <acomputerdog@gmail.com>
Diffstat (limited to 'packages/backend/src/misc')
| -rw-r--r-- | packages/backend/src/misc/captcha-error.ts | 18 | ||||
| -rw-r--r-- | packages/backend/src/misc/render-inline-error.ts | 2 | ||||
| -rw-r--r-- | packages/backend/src/misc/verify-field-link.ts | 3 |
3 files changed, 21 insertions, 2 deletions
diff --git a/packages/backend/src/misc/captcha-error.ts b/packages/backend/src/misc/captcha-error.ts new file mode 100644 index 0000000000..217018ec68 --- /dev/null +++ b/packages/backend/src/misc/captcha-error.ts @@ -0,0 +1,18 @@ +/* + * SPDX-FileCopyrightText: syuilo and misskey-project + * SPDX-License-Identifier: AGPL-3.0-only + */ + +import type { CaptchaErrorCode } from '@/core/CaptchaService.js'; + +export class CaptchaError extends Error { + public readonly code: CaptchaErrorCode; + public readonly cause?: unknown; + + constructor(code: CaptchaErrorCode, message: string, cause?: unknown) { + super(message, cause ? { cause } : undefined); + this.code = code; + this.cause = cause; + this.name = 'CaptchaError'; + } +} diff --git a/packages/backend/src/misc/render-inline-error.ts b/packages/backend/src/misc/render-inline-error.ts index 07f9f3068e..886efcb86e 100644 --- a/packages/backend/src/misc/render-inline-error.ts +++ b/packages/backend/src/misc/render-inline-error.ts @@ -5,7 +5,7 @@ import { IdentifiableError } from '@/misc/identifiable-error.js'; import { StatusError } from '@/misc/status-error.js'; -import { CaptchaError } from '@/core/CaptchaService.js'; +import { CaptchaError } from '@/misc/captcha-error.js'; export function renderInlineError(err: unknown): string { const parts: string[] = []; diff --git a/packages/backend/src/misc/verify-field-link.ts b/packages/backend/src/misc/verify-field-link.ts index 6a3c950059..31a356be37 100644 --- a/packages/backend/src/misc/verify-field-link.ts +++ b/packages/backend/src/misc/verify-field-link.ts @@ -10,8 +10,9 @@ type Field = { name: string, value: string }; export async function verifyFieldLinks(fields: Field[], profileUrls: string[], httpRequestService: HttpRequestService): Promise<string[]> { const verified_links = []; - for (const field_url of fields.filter(x => URL.canParse(x.value) && ['http:', 'https:'].includes((new URL(x.value).protocol)))) { + for (const field_url of fields) { try { + // getHtml validates the input URL, so we can safely pass in untrusted values const html = await httpRequestService.getHtml(field_url.value); const doc = cheerio(html); |