Guard against invalid URLs

Lim Chee Aun 2023-12-03 20:40:00 +08:00
parent 012e944a53
commit cbb7378601
3 changed files with 28 additions and 17 deletions


@ -22,13 +22,15 @@ const Link = forwardRef((props, ref) => {
// Handle encodeURIComponent of searchParams values // Handle encodeURIComponent of searchParams values
if (!!hash && hash !== '/' && hash.includes('?')) { if (!!hash && hash !== '/' && hash.includes('?')) {
const parsedHash = new URL(hash, location.origin); // Fake base URL try {
if (parsedHash.searchParams.size) { const parsedHash = new URL(hash, location.origin); // Fake base URL
const searchParamsStr = Array.from(parsedHash.searchParams.entries()) if (parsedHash.searchParams.size) {
.map(([key, value]) => `${key}=${encodeURIComponent(value)}`) const searchParamsStr = Array.from(parsedHash.searchParams.entries())
.join('&'); .map(([key, value]) => `${key}=${encodeURIComponent(value)}`)
hash = parsedHash.pathname + '?' + searchParamsStr; .join('&');
} hash = parsedHash.pathname + '?' + searchParamsStr;
}
} catch (e) {}
} }
const isActive = hash === to || decodeURIComponent(hash) === to; const isActive = hash === to || decodeURIComponent(hash) === to;
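Review bot: The `decodeURIComponent(hash)` call on the `isActive` line sits outside the new `try` block and throws a `URIError` on a malformed percent sequence, so a hash that `new URL()` accepts can still break rendering of `Link`. Where `hash` comes from is outside the hunk, but if it derives from the address bar it is user-controlled and should be decoded defensively, e.g. `let decodedHash = hash; try { decodedHash = decodeURIComponent(hash); } catch (e) {}` followed by `const isActive = hash === to || decodedHash === to;`. The empty `catch (e) {}` added here would also benefit from a comment such as `// Invalid URL: leave hash unchanged`, so the silent fallback reads as deliberate. The component body continues outside the hunk.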


@ -2269,7 +2269,12 @@ function _unfurlMastodonLink(instance, url) {
theURL = `https://${finalURL}`; theURL = `https://${finalURL}`;
} }
const urlObj = new URL(theURL); let urlObj;
try {
urlObj = new URL(theURL);
} catch (e) {
return;
}
const domain = urlObj.hostname; const domain = urlObj.hostname;
const path = urlObj.pathname; const path = urlObj.pathname;
// Regex /:username/:id, where username = @username or @username@domain, id = number // Regex /:username/:id, where username = @username or @username@domain, id = number
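Review bot: The bare `return;` in the new `catch` makes `_unfurlMastodonLink` yield `undefined` for an unparsable URL. The rest of the function is outside the hunk, but if its other paths return a promise, a caller that chains `.then()`/`.catch()` or awaits a result object would hit a different failure here than on the normal error path. Consider returning the same shape the other failure paths use (a rejected promise if that is the convention, e.g. `return Promise.reject(new Error('Invalid URL'));`). A short comment such as `// theURL may come from untrusted post content and fail to parse` would also help.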


@ -1,11 +1,15 @@
export default function isMastodonLinkMaybe(url) { export default function isMastodonLinkMaybe(url) {
const { pathname, hash } = new URL(url); try {
return ( const { pathname, hash } = new URL(url);
/^\/.*\/\d+$/i.test(pathname) || return (
/^\/@[^/]+\/(statuses|posts)\/\w+\/?$/i.test(pathname) || // GoToSocial, Takahe /^\/.*\/\d+$/i.test(pathname) ||
/^\/notes\/[a-z0-9]+$/i.test(pathname) || // Misskey, Firefish /^\/@[^/]+\/(statuses|posts)\/\w+\/?$/i.test(pathname) || // GoToSocial, Takahe
/^\/notes\/[a-z0-9]+$/i.test(pathname) || // Misskey, Calckey /^\/notes\/[a-z0-9]+$/i.test(pathname) || // Misskey, Firefish
/^\/(notice|objects)\/[a-z0-9-]+$/i.test(pathname) || // Pleroma /^\/notes\/[a-z0-9]+$/i.test(pathname) || // Misskey, Calckey
/#\/[^\/]+\.[^\/]+\/s\/.+/i.test(hash) // Phanpy 🫣 /^\/(notice|objects)\/[a-z0-9-]+$/i.test(pathname) || // Pleroma
); /#\/[^\/]+\.[^\/]+\/s\/.+/i.test(hash) // Phanpy 🫣
);
} catch (e) {
return false;
}
} }
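Review bot: `isMastodonLinkMaybe` now tolerates unparsable input but still accepts any scheme, because only `pathname` and `hash` are read from the parsed URL and `protocol` is never checked. If callers treat a `true` result as permission to fetch or navigate to the link, it would be safer to destructure `protocol` as well and start with `if (protocol !== 'https:' && protocol !== 'http:') return false;`. Separately, the `/^\/notes\/[a-z0-9]+$/i` test appears twice (the "Misskey, Firefish" and "Misskey, Calckey" lines), so one line could go and the comment be merged into `// Misskey, Firefish, Calckey`.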