fix: Disallow data: URI's for images

Tom Moor
2022-08-09 16:31:09 +02:00
parent 5640ec30cc
commit e5c5e8907a
6 changed files with 29 additions and 21 deletions


@@ -71,24 +71,24 @@ export function isExternalUrl(url: string) {
}
/**
* For use in the editor, this function will ensure that a link href is
* For use in the editor, this function will ensure that a url is
* potentially valid, and filter out unsupported and malicious protocols.
*
* @param href The href to sanitize
* @param url The url to sanitize
* @returns The sanitized href
*/
export function sanitizeHref(href: string | null | undefined) {
if (!href) {
export function sanitizeUrl(url: string | null | undefined) {
if (!url) {
return undefined;
}
if (
!isUrl(href) &&
!href.startsWith("/") &&
!href.startsWith("#") &&
!href.startsWith("mailto:")
!isUrl(url) &&
!url.startsWith("/") &&
!url.startsWith("#") &&
!url.startsWith("mailto:")
) {
return `https://${href}`;
return `https://${url}`;
}
return href;
return url;
}
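Review bot: Nothing in the body of `sanitizeUrl` tests the scheme itself, so whether a `data:` (or `javascript:`) value is neutralised depends entirely on `isUrl`, which is defined outside this hunk; the doc comment's promise to "filter out unsupported and malicious protocols" cannot be confirmed from the lines shown. Now that the helper is apparently shared between link hrefs and image sources, I would state the contract in the comment, e.g. `* Values that isUrl rejects are prefixed with https:// rather than dropped.`, and add a unit test that pins the result for a `data:` input. The `@returns` line still reads "The sanitized href" after the rename; it should be `@returns The sanitized url, or undefined when the input is empty`. An explicit return type, `): string | undefined {`, would also keep the signature stable for the new callers.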