security: validate image url (#9882)
It looks like URL validations were added in f7564d87b0, but I found another validation commit that had not been applied in Calckey, so I cherry-picked 0da0cc80b9
from [Misskey](https://github.com/misskey-dev/misskey). Co-authored-by: syuilo <Syuilotan@yahoo.co.jp> Co-authored-by: naskya <m@naskya.net> Reviewed-on: https://codeberg.org/calckey/calckey/pulls/9882 Co-authored-by: naskya <naskya@noreply.codeberg.org> Co-committed-by: naskya <naskya@noreply.codeberg.org>
parent
e0d76ef8ef
commit
00b45ad726
1 changed files with 4 additions and 0 deletions
|
@ -29,6 +29,10 @@ export async function createImage(
|
|||
throw new Error("invalid image: url not privided");
|
||||
}
|
||||
|
||||
if (!image.url.startsWith("https://") && !image.url.startsWith("http://")) {
|
||||
throw new Error("invalid image: unexpected shcema of url: " + image.url);
|
||||
}
|
||||
|
||||
logger.info(`Creating the Image: ${image.url}`);
|
||||
|
||||
const instance = await fetchMeta();
|
||||
|
|
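Review bot: The added `if (!image.url.startsWith("https://") && !image.url.startsWith("http://"))` check constrains only the string prefix, so it does not limit which host the server later fetches from. A remote-supplied `http://` URL pointing at a loopback or internal address still passes, and whether the download path filters such addresses is not visible in this hunk. Comparing the parsed scheme would make the check see the URL the way an HTTP client does, for example `const parsed = new URL(image.url);` followed by `if (parsed.protocol !== "https:" && parsed.protocol !== "http:") throw new Error("invalid image: unexpected schema of url");`. The new error message also appends the remote-supplied `image.url` unmodified and misspells "schema" as "shcema"; consider omitting or truncating the value so error and log lines stay bounded. `createImage` starts and ends outside the hunk, so the earlier "url not provided" guard could not be checked for non-string values.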