From d1965bf9a32bfc1ae54a8f5a5d8f1f96fa676401 Mon Sep 17 00:00:00 2001 From: Hazelnoot <acomputerdog@gmail.com> Date: Mon, 18 Nov 2024 10:41:18 -0500 Subject: [PATCH] verify that preview URL is valid --- packages/backend/src/server/web/UrlPreviewService.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/backend/src/server/web/UrlPreviewService.ts b/packages/backend/src/server/web/UrlPreviewService.ts index 9b5f0acd2..3c9c1002e 100644 --- a/packages/backend/src/server/web/UrlPreviewService.ts +++ b/packages/backend/src/server/web/UrlPreviewService.ts @@ -52,7 +52,7 @@ export class UrlPreviewService { reply: FastifyReply, ): Promise<object | undefined> { const url = request.query.url; - if (typeof url !== 'string') { + if (typeof url !== 'string' || !URL.canParse(url)) { reply.code(400); return; }