mirror of
https://iceshrimp.dev/iceshrimp/iceshrimp
synced 2024-11-25 15:46:06 +09:00
security: validate image url (#9882)
It looks like url validations are added inf7564d87b0
, but I found another validation commit not applied in Calckey, so I cherry-picked0da0cc80b9
from [Misskey](https://github.com/misskey-dev/misskey). Co-authored-by: syuilo <Syuilotan@yahoo.co.jp> Co-authored-by: naskya <m@naskya.net> Reviewed-on: https://codeberg.org/calckey/calckey/pulls/9882 Co-authored-by: naskya <naskya@noreply.codeberg.org> Co-committed-by: naskya <naskya@noreply.codeberg.org>
This commit is contained in:
parent
def5075bb5
commit
36b88c7286
@ -29,6 +29,10 @@ export async function createImage(
|
||||
throw new Error("invalid image: url not privided");
|
||||
}
|
||||
|
||||
if (!image.url.startsWith("https://") && !image.url.startsWith("http://")) {
|
||||
throw new Error("invalid image: unexpected shcema of url: " + image.url);
|
||||
}
|
||||
|
||||
logger.info(`Creating the Image: ${image.url}`);
|
||||
|
||||
const instance = await fetchMeta();
|
||||
|
Loading…
Reference in New Issue
Block a user