Merge pull request #781 from gagansuie/dev
Fix: social url security issues
gagansuie authored Nov 1, 2023
2 parents ff15378 + c042e24 commit e2437ed
Showing 2 changed files with 16 additions and 7 deletions.
17 changes: 13 additions & 4 deletions src/lib/components/Profile/DrawerEditProfile.svelte
@@ -58,7 +58,7 @@
}, 200)
}
let username: HTMLInputElement, submitBtn: any
let username: HTMLInputElement, lastUrl: HTMLInputElement, submitBtn: any
let prevUsername = ''
$: useOueryEffect(() => {
@@ -165,11 +165,20 @@
<div class="relative w-full">
<input
bind:value={inputFields[index]}
bind:this={lastUrl}
type="url"
name={`urls`}
id={`urls`}
class="input input-primary input-bordered w-full"
placeholder="Social URL" />
placeholder="Social URL"
on:input={() => {
if (index === inputFields.length - 1) {
const isValid = isValidUrl(inputFields[index])
lastUrl.setCustomValidity(
inputFields[index] === '' || isValid ? '' : 'Please enter a URL.'
)
}
}} />
<div class="bg-primary w-max absolute right-0 top-0 p-2 h-[48px] rounded-r-lg">
<IconLink />
</div>
@@ -229,9 +238,9 @@
name="category-search"
placeholder={profile?.category?.length ? '' : 'Category'}
class="input input-primary input-bordered" />
<span class="absolute right-0 top-1/2 text-gray-400 pr-3"
<span class="absolute right-0 top-[60%] text-gray-400 pr-3"
>({maxCategoryLabel})</span>
<span class="absolute flex flex-row gap-2 left-0 top-1/2 pl-5">
<span class="absolute flex flex-row gap-2 left-0 top-[60%] pl-5">
{#if profile?.category?.length}
{#each profile?.category as icon}
<img src={$category_list[icon]} alt="" class="h-5 w-5" />
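Review bot: The new `on:input` handler only calls `isValidUrl` when `index === inputFields.length - 1` and reports through the single `lastUrl` reference, so editing any earlier social-URL field appears to skip the check and rely on the browser's `type="url"` validation alone, which accepts schemes other than http/https. The loop that renders these inputs is outside the hunk, so confirm how `bind:this={lastUrl}` behaves across iterations. Validating the element that fired the event removes both the index guard and the shared binding: `on:input={(e) => e.currentTarget.setCustomValidity(inputFields[index] === '' || isValidUrl(inputFields[index]) ? '' : 'Please enter a URL.')}`. `setCustomValidity` is a client-side hint only, so the endpoint that stores these URLs should apply the same allow-list before they are rendered as links.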
6 changes: 3 additions & 3 deletions src/lib/utils.ts
@@ -349,7 +349,7 @@ export const objectMonitor = (object: any) => {
export const isValidRtmp = (url: string) => {
const pattern = new RegExp(
'^(rtmps?:\\/\\/|rtmp?:\\/\\/)?' + // protocol
'((([a-z\\d]([a-z\\d-]*[a-z\\d])*)\\.)*[a-z\\d]{2,}|' + // domain name
'((([a-z\\d]([a-z\\d-]*[a-z\\d])?)\\.)*[a-z\\d]{2,}|' + // domain name
'((\\d{1,3}\\.){3}\\d{1,3}))' + // OR ip (v4) address
'(\\:\\d+)?(\\/[-a-z\\d%_.~+]*)*' + // port and path
'(\\?[;&a-z\\d%_.~+=-]*)?' + // query string
@@ -362,9 +362,9 @@ export const isValidRtmp = (url: string) => {
export const isValidUrl = (url: string) => {
const pattern = new RegExp(
'^(https?:\\/\\/)?' + // protocol
'((([a-z\\d]([a-z\\d-]*[a-z\\d])*)\\.)+[a-z]{2,}|' + // domain name
'((([a-z\\d]([a-z\\d-]*[a-z\\d])?)\\.)+[a-z]{2,}|' + // domain name
'((\\d{1,3}\\.){3}\\d{1,3}))' + // OR ip (v4) address
'(\\:\\d+)?(\\/[-a-z\\d%_.~+@]*)*' + // port and path
'(\\:\\d+)?(\\/[\\@-a-z\\d%_.~+]*)*' + // port and path
'(\\?[;&a-z\\d%_.~+=-]*)?' + // query string
'(\\#[-a-z\\d_]*)?$', // fragment locator
'i'
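Review bot: In the new `isValidUrl` port-and-path class `[\\@-a-z\\d%_.~+]`, `\\@-a` is parsed as a range from `@` (0x40) to `a` (0x61), so the path now also accepts `[`, `\`, `]`, `^` and the backtick, which the previous class rejected. For a validator that gates user-supplied profile links this widens the accepted input rather than tightening it; keep the hyphen first and `@` as a plain literal: `'(\\:\\d+)?(\\/[-a-z\\d%_.~+@]*)*' + // port and path`. The `*` to `?` change on the domain-label group in both `isValidRtmp` and `isValidUrl` removes the nested quantifier and looks right. A regression test with one long non-matching label and a few paths containing `\` or a backtick would pin both behaviours. Both function bodies continue past the hunks shown.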
