summaryrefslogtreecommitdiff
path: root/packages/backend/src/misc
diff options
context:
space:
mode:
authorHazelnoot <acomputerdog@gmail.com>2025-07-07 11:46:35 -0400
committerdakkar <dakkar@thenautilus.net>2025-07-27 17:57:30 +0100
commitdc19b181123bfe2e92ca8f7edaee13215724c7fc (patch)
tree95839980002491d9c843193a31428c5227e8c87d /packages/backend/src/misc
parentremove unused console logging fallbacks (diff)
downloadsharkey-dc19b181123bfe2e92ca8f7edaee13215724c7fc.tar.gz
sharkey-dc19b181123bfe2e92ca8f7edaee13215724c7fc.tar.bz2
sharkey-dc19b181123bfe2e92ca8f7edaee13215724c7fc.zip
add comment about validation in verify-field-link.ts
Diffstat (limited to 'packages/backend/src/misc')
-rw-r--r--packages/backend/src/misc/verify-field-link.ts1
1 files changed, 1 insertions, 0 deletions
diff --git a/packages/backend/src/misc/verify-field-link.ts b/packages/backend/src/misc/verify-field-link.ts
index f90b25248f..37161f16e5 100644
--- a/packages/backend/src/misc/verify-field-link.ts
+++ b/packages/backend/src/misc/verify-field-link.ts
@@ -12,6 +12,7 @@ export async function verifyFieldLinks(fields: Field[], profile_url: string, htt
const verified_links = [];
for (const field_url of fields) {
try {
+ // getHtml validates the input URL, so we can safely pass in untrusted values
const html = await httpRequestService.getHtml(field_url.value);
const doc = cheerio(html);
generated by cgit v1.2.3-freya (git 2.53.0.84.g453e7b744a) at 2026-03-03 12:05:54 +0000