| author | Julia Johannesen <julia@insertdomain.name> | 2025-04-27 13:05:09 -0400 |
|---|---|---|
| committer | Julia Johannesen <julia@insertdomain.name> | 2025-04-27 13:05:09 -0400 |
| commit | 0bb4e57b0c646a20aa46e6cac545b37682629e89 (patch) | |
| tree | cae0d041c41353c1c8a9e8616abc3f609de87194 /packages/frontend-shared | |
| parent | merge: 2025.2.2 (!927) (diff) | |
Security fixes
Co-Authored-By: dakkar <dakkar@thenautilus.net>
Diffstat (limited to 'packages/frontend-shared')
| -rw-r--r-- | packages/frontend-shared/js/math.ts | 10 | ||||
| -rw-r--r-- | packages/frontend-shared/js/url.ts | 17 |
2 files changed, 27 insertions, 0 deletions
diff --git a/packages/frontend-shared/js/math.ts b/packages/frontend-shared/js/math.ts
new file mode 100644
index 0000000000..528f3b08bf
--- /dev/null
+++ b/packages/frontend-shared/js/math.ts
@@ -0,0 +1,10 @@
+/*
+ * SPDX-FileCopyrightText: dakkar and other Sharkey contributors
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+export function clamp(value: number, min: number, max: number) {
+ if (value > max) return max;
+ if (value < min) return min;
+ return value;
+}
diff --git a/packages/frontend-shared/js/url.ts b/packages/frontend-shared/js/url.ts
index eb830b1eea..e4f9ca513d 100644
--- a/packages/frontend-shared/js/url.ts
+++ b/packages/frontend-shared/js/url.ts
@@ -26,3 +26,20 @@ export function extractDomain(url: string) {
 const match = url.match(/^(?:https?:)?(?:\/\/)?(?:[^@\n]+@)?([^:\/\n]+)/im);
 return match ? match[1] : null;
 }
+
+export function maybeMakeRelative(urlStr: string, baseStr: string): string {
+ try {
+ const baseObj = new URL(baseStr);
+ const urlObj = new URL(urlStr);
+ /* in all places where maybeMakeRelative is used, baseStr is the
+ * instance's public URL, which can't have path components, so the
+ * relative URL will always have the whole path from the urlStr
+ */
+ if (urlObj.origin === baseObj.origin) {
+ return urlObj.pathname + urlObj.search + urlObj.hash;
+ }
+ return urlStr;
+ } catch (e) {
+ return '';
+ }
+}
|
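Review bot: `clamp` in math.ts returns `NaN` unchanged, because both comparisons are false for `NaN`, so a number parsed from untrusted input can leave the function outside `[min, max]`. If the callers (not visible in this diff) rely on it to bound a user-supplied value, add `if (Number.isNaN(value)) return min;` as the first line of the body. The function also has no declared return type or doc comment; `): number {` plus a one-line TSDoc stating that `min <= max` is assumed would make the contract explicit.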
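Review bot: In `maybeMakeRelative`, the same-origin branch can return a string that starts with `//`, because `URL.pathname` keeps an empty first path segment; an href or router path that starts with `//` is read as protocol-relative, i.e. as another host, so the result is not guaranteed to stay on the instance. Guard that branch with `if (urlObj.origin === baseObj.origin && !urlObj.pathname.startsWith('//')) {` so such inputs fall through to `return urlStr;`. Separately, inputs with a different origin are returned verbatim whatever their scheme, so the callers (outside this hunk) still need their own scheme check; a TSDoc line saying the function rewrites but does not validate would keep it from being used as a sanitizer. The `catch (e)` binding is unused and can be written `catch {`.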