verify that preview URL is valid

author: Hazelnoot <acomputerdog@gmail.com> 2024-11-18 10:41:18 -0500
committer: Hazelnoot <acomputerdog@gmail.com> 2024-11-20 22:25:49 -0500
commit: 4c6cec552eb629f6c796bbc42db319e218f89515 (patch)
tree: 832c62591334350bf3f671cd5eada438808d8a24 /packages/backend/src/server
parent: fix lint errors in UrlPreviewService (diff)
download: sharkey-4c6cec552eb629f6c796bbc42db319e218f89515.tar.gz
sharkey-4c6cec552eb629f6c796bbc42db319e218f89515.tar.bz2
sharkey-4c6cec552eb629f6c796bbc42db319e218f89515.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/packages/backend/src/server/web/UrlPreviewService.ts b/packages/backend/src/server/web/UrlPreviewService.ts
index adb188b66f..26ea185586 100644
--- a/packages/backend/src/server/web/UrlPreviewService.ts
+++ b/packages/backend/src/server/web/UrlPreviewService.ts
@@ -65,7 +65,7 @@ export class UrlPreviewService {
 		reply: FastifyReply,
 	): Promise<object | undefined> {
 		const url = request.query.url;
-		if (typeof url !== 'string') {
+		if (typeof url !== 'string' || !URL.canParse(url)) {
 			reply.code(400);
 			return;
 		}
author	Hazelnoot <acomputerdog@gmail.com>	2024-11-18 10:41:18 -0500
committer	Hazelnoot <acomputerdog@gmail.com>	2024-11-20 22:25:49 -0500
commit	4c6cec552eb629f6c796bbc42db319e218f89515 (patch)
tree	832c62591334350bf3f671cd5eada438808d8a24 /packages/backend/src/server
parent	fix lint errors in UrlPreviewService (diff)
download	sharkey-4c6cec552eb629f6c796bbc42db319e218f89515.tar.gz sharkey-4c6cec552eb629f6c796bbc42db319e218f89515.tar.bz2 sharkey-4c6cec552eb629f6c796bbc42db319e218f89515.zip