Validate allowed schemes on preview card URLs (#27485)

2023-10-23 03:50:02 -04:00 · 2023-10-23 03:50:02 -04:00 · b0213472df
commit b0213472df
parent 9d45a444f9
2 changed files with 29 additions and 1 deletions
--- a/app/models/preview_card.rb
+++ b/app/models/preview_card.rb
@ -55,7 +55,7 @@ class PreviewCard < ApplicationRecord

  has_attached_file :image, processors: [:thumbnail, :blurhash_transcoder], styles: ->(f) { image_styles(f) }, convert_options: { all: '-quality 90 +profile "!icc,*" +set date:modify +set date:create +set date:timestamp' }, validate_media_type: false

-  validates :url, presence: true, uniqueness: true
+  validates :url, presence: true, uniqueness: true, url: true
  validates_attachment_content_type :image, content_type: IMAGE_MIME_TYPES
  validates_attachment_size :image, less_than: LIMIT
  remotable_attachment :image, LIMIT