fix: Tighten valiation around URLs in database fields

closes #6012

server/models/User.test.ts

@@ -13,6 +13,28 @@ afterAll(() => {
 });
 
 describe("user model", () => {
+  describe("create", () => {
+    it("should not allow URLs in name", async () => {
+      await expect(
+        buildUser({
+          name: "www.google.com",
+        })
+      ).rejects.toThrowError();
+
+      await expect(
+        buildUser({
+          name: "My name https://malicious.com",
+        })
+      ).rejects.toThrowError();
+
+      await expect(
+        buildUser({
+          name: "wwwww",
+        })
+      ).resolves.toBeDefined();
+    });
+  });
+
   describe("destroy", () => {
     it("should delete user authentications", async () => {
       const user = await buildUser();

server/models/validators/NotContainsUrl.ts

@@ -8,7 +8,7 @@ export default function NotContainsUrl(target: any, propertyName: string) {
   return addAttributeOptions(target, propertyName, {
     validate: {
       not: {
-        args: /(www|file:|http:|https:)+[^\s]+[\w]/,
+        args: /(www\.|file:|http:|https:)[^\s]+[\w]/,
         msg: "Must not contain a URL",
       },
     },