mirror of
https://iceshrimp.dev/iceshrimp/iceshrimp
synced 2024-12-02 00:38:08 +09:00
security: validate image url (#9882)
It looks like url validations are added inf7564d87b0
, but I found another validation commit not applied in Calckey, so I cherry-picked0da0cc80b9
from [Misskey](https://github.com/misskey-dev/misskey). Co-authored-by: syuilo <Syuilotan@yahoo.co.jp> Co-authored-by: naskya <m@naskya.net> Reviewed-on: https://codeberg.org/calckey/calckey/pulls/9882 Co-authored-by: naskya <naskya@noreply.codeberg.org> Co-committed-by: naskya <naskya@noreply.codeberg.org>
This commit is contained in:
parent
def5075bb5
commit
36b88c7286
@ -29,6 +29,10 @@ export async function createImage(
|
|||||||
throw new Error("invalid image: url not privided");
|
throw new Error("invalid image: url not privided");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!image.url.startsWith("https://") && !image.url.startsWith("http://")) {
|
||||||
|
throw new Error("invalid image: unexpected shcema of url: " + image.url);
|
||||||
|
}
|
||||||
|
|
||||||
logger.info(`Creating the Image: ${image.url}`);
|
logger.info(`Creating the Image: ${image.url}`);
|
||||||
|
|
||||||
const instance = await fetchMeta();
|
const instance = await fetchMeta();
|
||||||
|
Loading…
Reference in New Issue
Block a user