summaryrefslogtreecommitdiff
path: root/packages/backend/src/misc/verify-field-link.ts
diff options
context:
space:
mode:
Diffstat (limited to 'packages/backend/src/misc/verify-field-link.ts')
-rw-r--r--packages/backend/src/misc/verify-field-link.ts7
1 files changed, 4 insertions, 3 deletions
diff --git a/packages/backend/src/misc/verify-field-link.ts b/packages/backend/src/misc/verify-field-link.ts
index f9fc352806..31a356be37 100644
--- a/packages/backend/src/misc/verify-field-link.ts
+++ b/packages/backend/src/misc/verify-field-link.ts
@@ -8,17 +8,18 @@ import type { HttpRequestService } from '@/core/HttpRequestService.js';
type Field = { name: string, value: string };
-export async function verifyFieldLinks(fields: Field[], profile_url: string, httpRequestService: HttpRequestService): Promise<string[]> {
+export async function verifyFieldLinks(fields: Field[], profileUrls: string[], httpRequestService: HttpRequestService): Promise<string[]> {
const verified_links = [];
- for (const field_url of fields.filter(x => URL.canParse(x.value) && ['http:', 'https:'].includes((new URL(x.value).protocol)))) {
+ for (const field_url of fields) {
try {
+ // getHtml validates the input URL, so we can safely pass in untrusted values
const html = await httpRequestService.getHtml(field_url.value);
const doc = cheerio(html);
const links = doc('a[rel~="me"][href], link[rel~="me"][href]').toArray();
- const includesProfileLinks = links.some(link => link.attribs.href === profile_url);
+ const includesProfileLinks = links.some(link => profileUrls.includes(link.attribs.href));
if (includesProfileLinks) {
verified_links.push(field_url.value);
}
generated by cgit v1.2.3-freya (git 2.53.0.84.g453e7b744a) at 2026-03-03 02:39:57 +0000