Merge pull request #548 from codimd/fix/545-urls-with-credentials

Use URL constructor instead of regex to check for valid URL
author: David Mehren 2020-11-10 23:01:58 +0100
committer: GitHub 2020-11-10 23:01:58 +0100
commit: 62fd5c894d177a13299eabf43acde13df333c296 (patch)
tree: 1202582ba432f825a1d40014b9db4b01ac0e9e1e /public
parent: eace0b9e3e02e7cbbb4652b9c0cfce41e946109a (diff)
parent: bd11faa203800921c0cc89fddc7cd902d2d21c38 (diff)
1 files changed, 4 insertions, 9 deletions
diff --git a/public/js/extra.js b/public/js/extra.js
index a6b01a91..0a95b1b1 100644
--- a/public/js/extra.js
+++ b/public/js/extra.js
@@ -178,16 +178,11 @@ function slugifyWithUTF8 (text) {
 }
 
 export function isValidURL (str) {
-  const pattern = new RegExp('^(https?:\\/\\/)?' + // protocol
-        '((([a-z\\d]([a-z\\d-]*[a-z\\d])*)\\.)+[a-z]{2,}|' + // domain name
-        '((\\d{1,3}\\.){3}\\d{1,3}))' + // OR ip (v4) address
-        '(\\:\\d+)?(\\/[-a-z\\d%_.~+]*)*' + // port and path
-        '(\\?[;&a-z\\d%_.~+=-]*)?' + // query string
-        '(\\#[-a-z\\d_]*)?$', 'i') // fragment locator
-  if (!pattern.test(str)) {
+  try {
+    const url = new URL(str)
+    return ['http:', 'https:'].includes(url.protocol)
+  } catch (e) {
     return false
-  } else {
-    return true
   }
 }
author	David Mehren	2020-11-10 23:01:58 +0100
committer	GitHub	2020-11-10 23:01:58 +0100
commit	62fd5c894d177a13299eabf43acde13df333c296 (patch)
tree	1202582ba432f825a1d40014b9db4b01ac0e9e1e /public
parent	eace0b9e3e02e7cbbb4652b9c0cfce41e946109a (diff)
parent	bd11faa203800921c0cc89fddc7cd902d2d21c38 (diff)