add comment about validation in verify-field-link.ts

author: Hazelnoot <acomputerdog@gmail.com> 2025-07-07 11:46:35 -0400
committer: dakkar <dakkar@thenautilus.net> 2025-07-27 17:57:30 +0100
commit: dc19b181123bfe2e92ca8f7edaee13215724c7fc (patch)
tree: 95839980002491d9c843193a31428c5227e8c87d /packages/backend
parent: remove unused console logging fallbacks (diff)
download: sharkey-dc19b181123bfe2e92ca8f7edaee13215724c7fc.tar.gz
sharkey-dc19b181123bfe2e92ca8f7edaee13215724c7fc.tar.bz2
sharkey-dc19b181123bfe2e92ca8f7edaee13215724c7fc.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/packages/backend/src/misc/verify-field-link.ts b/packages/backend/src/misc/verify-field-link.ts
index f90b25248f..37161f16e5 100644
--- a/packages/backend/src/misc/verify-field-link.ts
+++ b/packages/backend/src/misc/verify-field-link.ts
@@ -12,6 +12,7 @@ export async function verifyFieldLinks(fields: Field[], profile_url: string, htt
 	const verified_links = [];
 	for (const field_url of fields) {
 		try {
+			// getHtml validates the input URL, so we can safely pass in untrusted values
 			const html = await httpRequestService.getHtml(field_url.value);
 
 			const doc = cheerio(html);
author	Hazelnoot <acomputerdog@gmail.com>	2025-07-07 11:46:35 -0400
committer	dakkar <dakkar@thenautilus.net>	2025-07-27 17:57:30 +0100
commit	dc19b181123bfe2e92ca8f7edaee13215724c7fc (patch)
tree	95839980002491d9c843193a31428c5227e8c87d /packages/backend
parent	remove unused console logging fallbacks (diff)
download	sharkey-dc19b181123bfe2e92ca8f7edaee13215724c7fc.tar.gz sharkey-dc19b181123bfe2e92ca8f7edaee13215724c7fc.tar.bz2 sharkey-dc19b181123bfe2e92ca8f7edaee13215724c7fc.zip