cswimr/revite
1
0
Fork 0
mirror of https://github.com/revoltchat/revite.git synced 2024-11-25 08:30:58 -05:00
Code Issues Projects Releases Packages Wiki Activity

Fix Link Whitelist issue

Browse source
This commit is contained in:
dolphin-cat 2024-03-16 19:04:18 +02:00 committed by GitHub
parent 5b6546b761
commit 6cc3329b26
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 1 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
src/lib/links.ts
View file

@ -20,31 +20,6 @@ const ALLOWED_ORIGINS = [
"rolt.chat", "rolt.chat",
]; ];
/**
* Permissible protocols in URLs
*/
const PROTOCOL_WHITELIST = [
"http:",
"https:",
"ftp:",
"ftps:",
"mailto:",
"news:",
"irc:",
"gopher:",
"nntp:",
"feed:",
"telnet:",
"mms:",
"rtsp:",
"svn:",
"git:",
"tel:",
"fax:",
"xmpp:",
"magnet:",
];
/** /**
* Determine what kind of link we are dealing with and sanitise any malicious input * Determine what kind of link we are dealing with and sanitise any malicious input
* @param href Input URL * @param href Input URL
@ -65,9 +40,7 @@ export function determineLink(href?: string): LinkType {
} catch (err) {} } catch (err) {}
if (!internal && url) { if (!internal && url) {
if (PROTOCOL_WHITELIST.includes(url.protocol)) { return { type: "external", href, url };
return { type: "external", href, url };
}
} }
} }