oscar-surf/misskey
oscar-surf/misskey
0
0
Fork 0
Code Issues Activity

fix(client): validate urls to improve security

Browse source
This commit is contained in:
syuilo 2023-02-04 09:10:01 +09:00
parent 572000f868
commit 788ae2f6ca
4 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
packages/frontend/src/components/MkUrlPreview.vue
View file

@ -86,6 +86,7 @@ let tweetHeight = $ref(150);
let unknownUrl = $ref(false);
const requestUrl = new URL(props.url);
if (!['http:', 'https:'].includes(requestUrl.protocol)) throw new Error('invalid url');
if (requestUrl.hostname === 'twitter.com' || requestUrl.hostname === 'mobile.twitter.com') {
const m = requestUrl.pathname.match(/^\/.+\/status(?:es)?\/(\d+)/);