sendnrw/misskey
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(client): validate urls to improve security

Browse Source
This commit is contained in:
syuilo
2023-02-04 14:20:07 +09:00
parent 2dfed75402
commit 38f9d1e764
4 changed files with 19 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
packages/backend/src/server/web/UrlPreviewService.ts
View File

@@ -73,6 +73,14 @@ export class UrlPreviewService {
});
this.logger.succ(`Got preview of ${url}: ${summary.title}`);
if (summary.url && !(summary.url.startsWith('http://') || summary.url.startsWith('https://'))) {
throw new Error('unsupported schema included');
}
if (summary.player?.url && !(summary.player.url.startsWith('http://') || summary.player.url.startsWith('https://'))) {
throw new Error('unsupported schema included');
}
summary.icon = this.wrap(summary.icon);
summary.thumbnail = this.wrap(summary.thumbnail);