From 80d50e3d88afe3535e6d19eba2b117eac5d9113a Mon Sep 17 00:00:00 2001
From: Tom Moor <tom.moor@gmail.com>
Date: Thu, 21 Jul 2022 10:51:34 +0100
Subject: [PATCH] fix: Diagrams.net proxy path considered as embeddable

---
 shared/editor/embeds/Diagrams.test.ts | 6 ++++++
 shared/editor/embeds/Diagrams.tsx     | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/shared/editor/embeds/Diagrams.test.ts b/shared/editor/embeds/Diagrams.test.ts
index a5e7cf8b5..1411ab9ef 100644
--- a/shared/editor/embeds/Diagrams.test.ts
+++ b/shared/editor/embeds/Diagrams.test.ts
@@ -11,6 +11,12 @@ describe("Diagrams", () => {
     ).toBeTruthy();
   });
 
+  test("to not be enabled on the proxy path", () => {
+    expect("https://app.diagrams.net/proxy?url=malicious".match(match)).toBe(
+      null
+    );
+  });
+
   test("to not be enabled elsewhere", () => {
     expect("https://app.diagrams.net/#ABCDefgh_A12345-6789".match(match)).toBe(
       null
diff --git a/shared/editor/embeds/Diagrams.tsx b/shared/editor/embeds/Diagrams.tsx
index f115c71dc..060d867fe 100644
--- a/shared/editor/embeds/Diagrams.tsx
+++ b/shared/editor/embeds/Diagrams.tsx
@@ -3,7 +3,7 @@ import Frame from "../components/Frame";
 import Image from "../components/Image";
 import { EmbedProps as Props } from ".";
 
-const URL_REGEX = /^https:\/\/viewer\.diagrams\.net\/.*(title=\\w+)?/;
+const URL_REGEX = /^https:\/\/viewer\.diagrams\.net\/(?!proxy).*(title=\\w+)?/;
 
 export default class Diagrams extends React.Component<Props> {
   static ENABLED = [URL_REGEX];