From 3849e8c15aefd72e7fa2cea471f88143708f717e Mon Sep 17 00:00:00 2001
From: Hazelnoot
Date: Fri, 4 Jul 2025 14:53:02 -0400
Subject: use shared URL verification in verifyLinkFields
---
 packages/backend/src/misc/verify-field-link.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'packages/backend/src/misc/verify-field-link.ts')
diff --git a/packages/backend/src/misc/verify-field-link.ts b/packages/backend/src/misc/verify-field-link.ts
index f9fc352806..f90b25248f 100644
--- a/packages/backend/src/misc/verify-field-link.ts
+++ b/packages/backend/src/misc/verify-field-link.ts
@@ -10,7 +10,7 @@ type Field = { name: string, value: string };
 export async function verifyFieldLinks(fields: Field[], profile_url: string, httpRequestService: HttpRequestService): Promise {
 const verified_links = [];
- for (const field_url of fields.filter(x => URL.canParse(x.value) && ['http:', 'https:'].includes((new URL(x.value).protocol)))) {
+ for (const field_url of fields) {
 try {
 const html = await httpRequestService.getHtml(field_url.value);
-- cgit v1.2.3-freya
From dc19b181123bfe2e92ca8f7edaee13215724c7fc Mon Sep 17 00:00:00 2001
From: Hazelnoot
Date: Mon, 7 Jul 2025 11:46:35 -0400
Subject: add comment about validation in verify-field-link.ts
---
 packages/backend/src/misc/verify-field-link.ts | 1 +
 1 file changed, 1 insertion(+) (limited to 'packages/backend/src/misc/verify-field-link.ts')
diff --git a/packages/backend/src/misc/verify-field-link.ts b/packages/backend/src/misc/verify-field-link.ts
index f90b25248f..37161f16e5 100644
--- a/packages/backend/src/misc/verify-field-link.ts
+++ b/packages/backend/src/misc/verify-field-link.ts
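Review bot: With the filter gone from `for (const field_url of fields)` in the first commit's hunk (`@@ -10,7 +10,7 @@`), every field value, including free text that is not a URL at all, is handed to `getHtml`, and nothing in `verifyFieldLinks` itself restricts the scheme any more. The function's safety then depends on whichever `HttpRequestService` the caller injects, so that contract belongs on the signature, for example a TSDoc line `@param httpRequestService - its getHtml must reject anything that is not an allowed http(s) URL; no URL validation happens in this function`. A regression test that feeds a non-URL value and a non-http(s) scheme and asserts that no link is verified would keep the guarantee from silently regressing. The loop body and its `catch` lie outside the hunk, so whether rejected values are logged or silently skipped cannot be checked from here.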
@@ -12,6 +12,7 @@ export async function verifyFieldLinks(fields: Field[], profile_url: string, htt
 const verified_links = [];
 for (const field_url of fields) {
 try {
+ // getHtml validates the input URL, so we can safely pass in untrusted values
 const html = await httpRequestService.getHtml(field_url.value);
 const doc = cheerio(html);
-- cgit v1.2.3-freya
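Review bot: The added comment above `getHtml(field_url.value)` says the URL is validated but not what that validation covers, which is what a reader auditing this call for SSRF needs to know. Checking the input URL does not by itself say anything about redirect targets or about hosts that resolve to internal addresses; whether `getHtml` handles those is not visible in this hunk. Naming the validator and its scope would make the claim checkable, e.g. `// getHtml runs <shared validator name> on the URL (covers: <what it checks>), so untrusted field values can be passed as-is`. The function continues past the end of the hunk.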