mirror of https://github.com/status-im/codimd.git
fix: use validator.isURL to avoid regex catastrophic backtracking
Signed-off-by: Max Wu <jackymaxj@gmail.com>
parent
85e5d0adfe
commit
eb27db8f3e
|
@ -9,6 +9,8 @@ import { saveAs } from 'file-saver'
|
|||
import escapeHTML from 'lodash/escape'
|
||||
import unescapeHTML from 'lodash/unescape'
|
||||
|
||||
import isURL from 'validator/lib/isURL'
|
||||
|
||||
import { stripTags } from '../../utils/string'
|
||||
|
||||
import getUIElements from './lib/editor/ui-elements'
|
||||
|
@ -178,20 +180,6 @@ function slugifyWithUTF8 (text) {
|
|||
return newText
|
||||
}
|
||||
|
||||
export function isValidURL (str) {
|
||||
const pattern = new RegExp('^(https?:\\/\\/)?' + // protocol
|
||||
'((([a-z\\d]([a-z\\d-]*[a-z\\d])*)\\.)+[a-z]{2,}|' + // domain name
|
||||
'((\\d{1,3}\\.){3}\\d{1,3}))' + // OR ip (v4) address
|
||||
'(\\:\\d+)?(\\/[-a-z\\d%_.~+]*)*' + // port and path
|
||||
'(\\?[;&a-z\\d%_.~+=-]*)?' + // query string
|
||||
'(\\#[-a-z\\d_]*)?$', 'i') // fragment locator
|
||||
if (!pattern.test(str)) {
|
||||
return false
|
||||
} else {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
// parse meta
|
||||
export function parseMeta (md, edit, view, toc, tocAffix) {
|
||||
let lang = null
|
||||
|
@ -1300,7 +1288,7 @@ const pdfPlugin = new Plugin(
|
|||
|
||||
(match, utils) => {
|
||||
const pdfurl = match[1]
|
||||
if (!isValidURL(pdfurl)) return match[0]
|
||||
if (!isURL(pdfurl)) return match[0]
|
||||
const div = $('<div class="pdf raw"></div>')
|
||||
div.attr('data-pdfurl', pdfurl)
|
||||
return div[0].outerHTML
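Review bot: `isURL(pdfurl)` runs with validator's default options, which accept more than the removed `isValidURL` regex did. As documented, the default protocol list includes `ftp` and userinfo (`user:pass@host`) is allowed, whereas the old pattern permitted only an optional `http(s)://` prefix and no `@`. To keep the earlier scheme restriction without reintroducing the backtracking regex, pass the options explicitly, e.g. `if (!isURL(pdfurl, { protocols: ['http', 'https'], disallow_auth: true })) return match[0]`. The same applies to `isURL(gisturl)` and `isURL(url)` in the second file, so a small shared wrapper holding these options would keep the three call sites consistent. The pdfPlugin callback continues outside the hunk, so how `data-pdfurl` is consumed later is not visible here.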
|
||||
|
|
|
@ -9,6 +9,8 @@ import randomColor from 'randomcolor'
|
|||
import store from 'store'
|
||||
import hljs from 'highlight.js'
|
||||
|
||||
import isURL from 'validator/lib/isURL'
|
||||
|
||||
import _ from 'lodash'
|
||||
|
||||
import wurl from 'wurl'
|
||||
|
@ -41,7 +43,6 @@ import {
|
|||
removeDOMEvents,
|
||||
finishView,
|
||||
generateToc,
|
||||
isValidURL,
|
||||
md,
|
||||
parseMeta,
|
||||
postProcess,
|
||||
|
@ -1400,7 +1401,7 @@ $('#gistImportModalConfirm').click(function () {
|
|||
if (!gisturl) return
|
||||
$('#gistImportModal').modal('hide')
|
||||
$('#gistImportModalContent').val('')
|
||||
if (!isValidURL(gisturl)) {
|
||||
if (!isURL(gisturl)) {
|
||||
showMessageModal('<i class="fa fa-github"></i> Import from Gist', 'Not a valid URL :(', '', '', false)
|
||||
} else {
|
||||
var hostname = wurl('hostname', gisturl)
|
||||
|
@ -1534,7 +1535,7 @@ function replaceAll (data) {
|
|||
function importFromUrl (url) {
|
||||
// console.log(url);
|
||||
if (!url) return
|
||||
if (!isValidURL(url)) {
|
||||
if (!isURL(url)) {
|
||||
showMessageModal('<i class="fa fa-cloud-download"></i> Import from URL', 'Not a valid URL :(', '', '', false)
|
||||
return
|
||||
}
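Review bot: In `importFromUrl`, `isURL(url)` throws a TypeError when `url` is not a string, because validator asserts its input type, whereas the removed `pattern.test(str)` coerced the argument and returned false. The `if (!url) return` guard filters only falsy values, and the callers of `importFromUrl` are outside this hunk, so a truthy non-string argument would now raise instead of reaching the 'Not a valid URL :(' modal. A type guard on that line keeps the failure path unchanged: `if (typeof url !== 'string' || !isURL(url)) {`. The gist handler above appears to read `gisturl` from a form field, so it is presumably always a string, but the assignment is not shown in the hunk.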
|
||||
|
|