Better URL validation

This commit is contained in:
Evert Prants 2019-10-24 11:27:02 +03:00
parent 7ea83415e8
commit 3e632dd91f
Signed by: evert
GPG Key ID: 1688DA83D222D0B5

11
app.js
View File

@ -391,14 +391,13 @@ app.post('/dashboard/link', async (req, res) => {
if (name == null || url == null) return res.jsonp({ error: 'Missing parameters!' }) if (name == null || url == null) return res.jsonp({ error: 'Missing parameters!' })
if (name.length > 120) return res.jsonp({ error: 'Only 120 characters are allowed in the name.' }) if (name.length > 120) return res.jsonp({ error: 'Only 120 characters are allowed in the name.' })
if (name.indexOf('<') !== -1 || name.indexOf('>') !== -1) return res.jsonp({ error: 'HTML tags are forbidden!' }) if (name.length < 3) return res.jsonp({ error: 'Minimum name length is 3 characters.' })
if (name.indexOf('<') !== -1 || name.indexOf('>') !== -1 ||
url.indexOf('<') !== -1 || url.indexOf('>') !== -1) return res.jsonp({ error: 'HTML tags are forbidden!' })
// Validate URL // Validate URL
try { let a = URL.parse(url)
URL.parse(url) if (a.protocol === null || a.host === null || a.slashes !== true) return res.jsonp({ error: 'Invalid URL!' })
} catch (e) {
return res.jsonp({ error: 'Invalid URL!' })
}
// Checks // Checks
let db = await dbPromise let db = await dbPromise