From cbb73786018050dd1d12f01cf80cb3926678dc39 Mon Sep 17 00:00:00 2001 From: Lim Chee Aun Date: Sun, 3 Dec 2023 20:40:00 +0800 Subject: [PATCH] Guard against invalid URLs --- src/components/link.jsx | 16 +++++++++------- src/components/status.jsx | 7 ++++++- src/utils/isMastodonLinkMaybe.jsx | 22 +++++++++++++--------- 3 files changed, 28 insertions(+), 17 deletions(-) diff --git a/src/components/link.jsx b/src/components/link.jsx index 9c5184b5..34fe8f7e 100644 --- a/src/components/link.jsx +++ b/src/components/link.jsx @@ -22,13 +22,15 @@ const Link = forwardRef((props, ref) => { // Handle encodeURIComponent of searchParams values if (!!hash && hash !== '/' && hash.includes('?')) { - const parsedHash = new URL(hash, location.origin); // Fake base URL - if (parsedHash.searchParams.size) { - const searchParamsStr = Array.from(parsedHash.searchParams.entries()) - .map(([key, value]) => `${key}=${encodeURIComponent(value)}`) - .join('&'); - hash = parsedHash.pathname + '?' + searchParamsStr; - } + try { + const parsedHash = new URL(hash, location.origin); // Fake base URL + if (parsedHash.searchParams.size) { + const searchParamsStr = Array.from(parsedHash.searchParams.entries()) + .map(([key, value]) => `${key}=${encodeURIComponent(value)}`) + .join('&'); + hash = parsedHash.pathname + '?' + searchParamsStr; + } + } catch (e) {} } const isActive = hash === to || decodeURIComponent(hash) === to; diff --git a/src/components/status.jsx b/src/components/status.jsx index 72d849e7..0b58629e 100644 --- a/src/components/status.jsx +++ b/src/components/status.jsx @@ -2269,7 +2269,12 @@ function _unfurlMastodonLink(instance, url) { theURL = `https://${finalURL}`; } - const urlObj = new URL(theURL); + let urlObj; + try { + urlObj = new URL(theURL); + } catch (e) { + return; + } const domain = urlObj.hostname; const path = urlObj.pathname; // Regex /:username/:id, where username = @username or @username@domain, id = number diff --git a/src/utils/isMastodonLinkMaybe.jsx b/src/utils/isMastodonLinkMaybe.jsx index c093ec7d..a0adb3a9 100644 --- a/src/utils/isMastodonLinkMaybe.jsx +++ b/src/utils/isMastodonLinkMaybe.jsx @@ -1,11 +1,15 @@ export default function isMastodonLinkMaybe(url) { - const { pathname, hash } = new URL(url); - return ( - /^\/.*\/\d+$/i.test(pathname) || - /^\/@[^/]+\/(statuses|posts)\/\w+\/?$/i.test(pathname) || // GoToSocial, Takahe - /^\/notes\/[a-z0-9]+$/i.test(pathname) || // Misskey, Firefish - /^\/notes\/[a-z0-9]+$/i.test(pathname) || // Misskey, Calckey - /^\/(notice|objects)\/[a-z0-9-]+$/i.test(pathname) || // Pleroma - /#\/[^\/]+\.[^\/]+\/s\/.+/i.test(hash) // Phanpy 🫣 - ); + try { + const { pathname, hash } = new URL(url); + return ( + /^\/.*\/\d+$/i.test(pathname) || + /^\/@[^/]+\/(statuses|posts)\/\w+\/?$/i.test(pathname) || // GoToSocial, Takahe + /^\/notes\/[a-z0-9]+$/i.test(pathname) || // Misskey, Firefish + /^\/notes\/[a-z0-9]+$/i.test(pathname) || // Misskey, Calckey + /^\/(notice|objects)\/[a-z0-9-]+$/i.test(pathname) || // Pleroma + /#\/[^\/]+\.[^\/]+\/s\/.+/i.test(hash) // Phanpy 🫣 + ); + } catch (e) { + return false; + } }