Merge pull request #1430 from hackmdio/bugfix/fix-validate-url-regex

fix: use validator.isURL to avoid regex catastrophic backtracking
Yukai Huang 2020-02-29 20:04:58 +08:00 committed by GitHub
commit 66ec25dddb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 18 deletions


@ -9,6 +9,8 @@ import { saveAs } from 'file-saver'
import escapeHTML from 'lodash/escape'
import unescapeHTML from 'lodash/unescape'
import isURL from 'validator/lib/isURL'
import { stripTags } from '../../utils/string'
import getUIElements from './lib/editor/ui-elements'
@ -178,20 +180,6 @@ function slugifyWithUTF8 (text) {
return newText
}
export function isValidURL (str) {
const pattern = new RegExp('^(https?:\\/\\/)?' + // protocol
'((([a-z\\d]([a-z\\d-]*[a-z\\d])*)\\.)+[a-z]{2,}|' + // domain name
'((\\d{1,3}\\.){3}\\d{1,3}))' + // OR ip (v4) address
'(\\:\\d+)?(\\/[-a-z\\d%_.~+]*)*' + // port and path
'(\\?[;&a-z\\d%_.~+=-]*)?' + // query string
'(\\#[-a-z\\d_]*)?$', 'i') // fragment locator
if (!pattern.test(str)) {
return false
} else {
return true
}
}
// parse meta
export function parseMeta (md, edit, view, toc, tocAffix) {
let lang = null
@ -1300,7 +1288,7 @@ const pdfPlugin = new Plugin(
(match, utils) => {
const pdfurl = match[1]
if (!isValidURL(pdfurl)) return match[0]
if (!isURL(pdfurl)) return match[0]
const div = $('<div class="pdf raw"></div>')
div.attr('data-pdfurl', pdfurl)
return div[0].outerHTML
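Review bot: `isURL(pdfurl)` with validator's default options is not a like-for-like replacement for the removed regex, because the defaults accept `ftp://` as well as `http(s)://`, while the old pattern allowed only an optional `http`/`https` scheme. If the PDF embed is meant to stay web-only, pass the scheme list explicitly: `if (!isURL(pdfurl, { protocols: ['http', 'https'] })) return match[0]`. The same default call is used at the Gist import and `importFromUrl` checks in the second file, so the restriction would apply there too. A one-line comment at the call, such as `// syntactic check only; does not vouch for the host`, would also help the next reader. The plugin callback starts and ends outside this hunk.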


@ -9,6 +9,8 @@ import randomColor from 'randomcolor'
import store from 'store'
import hljs from 'highlight.js'
import isURL from 'validator/lib/isURL'
import _ from 'lodash'
import wurl from 'wurl'
@ -41,7 +43,6 @@ import {
removeDOMEvents,
finishView,
generateToc,
isValidURL,
md,
parseMeta,
postProcess,
@ -1400,7 +1401,7 @@ $('#gistImportModalConfirm').click(function () {
if (!gisturl) return
$('#gistImportModal').modal('hide')
$('#gistImportModalContent').val('')
if (!isValidURL(gisturl)) {
if (!isURL(gisturl)) {
showMessageModal('<i class="fa fa-github"></i> Import from Gist', 'Not a valid URL :(', '', '', false)
} else {
var hostname = wurl('hostname', gisturl)
@ -1534,7 +1535,7 @@ function replaceAll (data) {
function importFromUrl (url) {
// console.log(url);
if (!url) return
if (!isValidURL(url)) {
if (!isURL(url)) {
showMessageModal('<i class="fa fa-cloud-download"></i> Import from URL', 'Not a valid URL :(', '', '', false)
return
}
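Review bot: `isURL(url)` in `importFromUrl` throws a `TypeError` when its argument is not a string, whereas the removed `pattern.test(str)` coerced the value to a string before matching, and the only guard ahead of it is `if (!url) return`. The callers are not visible in this hunk, so if any of them can pass a truthy non-string value, the import would end in an uncaught exception instead of the "Not a valid URL" modal. A type guard keeps the failure on the existing path: `if (typeof url !== 'string' || !isURL(url)) {`. The commented-out `// console.log(url);` at the top of the function could be dropped while this line is being touched.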