From 93fc30dada22c66a32a0da6b3b77c8aed22edc63 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Rynning-T=C3=B8nnesen?=
Date: Wed, 2 May 2018 15:31:59 +0200
Subject: [PATCH] Url validation on thumbnails suggested
---
 server/handlers/suggestions.js | 20 +++++++++++++++++++-
 server/public/assets/js/functions.js | 2 +-
 2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/server/handlers/suggestions.js b/server/handlers/suggestions.js
index 7b64a2ea..ba87ef96 100644
--- a/server/handlers/suggestions.js
+++ b/server/handlers/suggestions.js
@@ -1,5 +1,23 @@
+function isUrl(str) {
+ var pattern = new RegExp("\\b(((ht|f)tp(s?)\\:\\/\\/|~\\/|\\/)|www.)" +
+ "(\\w+:\\w+@)?(([-\\w]+\\.)+(com|org|net|gov" +
+ "|mil|biz|info|mobi|name|aero|jobs|museum" +
+ "|travel|[a-z]{2}))(:[\\d]{1,5})?" +
+ "(((\\/([-\\w~!$+|.,=]|%[a-f\\d]{2})+)+|\\/)+|\\?|#)?" +
+ "((\\?([-\\w~!$+|.,*:]|%[a-f\\d{2}])+=?" +
+ "([-\\w~!$+|.,*:=]|%[a-f\\d]{2})*)" +
+ "(&(?:[-\\w~!$+|.,*:]|%[a-f\\d{2}])+=?" +
+ "([-\\w~!$+|.,*:=]|%[a-f\\d]{2})*)*)*" +
+ "(#([-\\w~!$+|.,*:=]|%[a-f\\d]{2})*)?\\b");
+ if(!pattern.test(str)) {
+ return false;
+ } else {
+ return true;
+ }
+}
+
 function thumbnail(msg, coll, guid, offline, socket) {
- if(msg.thumbnail != undefined && msg.channel && msg.channel != undefined){
+ if(msg.thumbnail != undefined && msg.channel && msg.channel != undefined && isUrl(msg.thumbnail)){
 if(typeof(msg.channel) != "string" || typeof(msg.thumbnail) != "string") {
 var result = {
diff --git a/server/public/assets/js/functions.js b/server/public/assets/js/functions.js
index 41f62678..8d155fd3 100644
--- a/server/public/assets/js/functions.js
+++ b/server/public/assets/js/functions.js
@@ -708,7 +708,7 @@ function toast(msg) {
 break;
 case "thumbnail_denied":
 if(embed) return;
- msg = "The thumbnail will be denied";
+ msg = "The thumbnail is not an url..";
 break;
 case "description_denied":
 if(embed) return;
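Review bot: The new `isUrl` in server/handlers/suggestions.js validates by substring: `pattern.test(str)` is unanchored and the expression is delimited only by `\\b`, so a `msg.thumbnail` that merely contains a URL-like token surrounded by arbitrary other text still passes. Anchor it with `^` and `$` in place of the leading and trailing `\\b`, or parse the value with the WHATWG `URL` class and accept only the `http:` and `https:` protocols. The call also sits in the outer condition of `thumbnail`, ahead of the `typeof(msg.thumbnail) != "string"` check, so non-string socket input is coerced by `test()` before its type is looked at; `if(typeof(str) != "string") return false;` at the top of `isUrl` would close that. Two of the query-string pieces read `%[a-f\\d{2}]`, which puts the braces inside the character class; they presumably should be `%[a-f\\d]{2}` like the other occurrences. Because the pattern has nested quantifiers and runs on client-supplied data, a length cap before `test()` would be prudent; the body of `thumbnail` continues outside the hunk.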