diff options
author | Stefan Malzner <stefan@adlk.io> | 2019-03-05 16:20:40 +0100 |
---|---|---|
committer | Stefan Malzner <stefan@adlk.io> | 2019-03-05 16:20:40 +0100 |
commit | 6e5531ae16d69087856ce7f174ba465bc759394c (patch) | |
tree | 510ab3208f045dbe574b53123c752b9d9349d5a3 /src/helpers/url-helpers.js | |
parent | Merge branch 'develop' of https://github.com/meetfranz/franz into develop (diff) | |
download | ferdium-app-6e5531ae16d69087856ce7f174ba465bc759394c.tar.gz ferdium-app-6e5531ae16d69087856ce7f174ba465bc759394c.tar.zst ferdium-app-6e5531ae16d69087856ce7f174ba465bc759394c.zip |
feat(App): Add security checks for external URLs
Diffstat (limited to 'src/helpers/url-helpers.js')
-rw-r--r-- | src/helpers/url-helpers.js | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/helpers/url-helpers.js b/src/helpers/url-helpers.js new file mode 100644 index 000000000..750d1f00c --- /dev/null +++ b/src/helpers/url-helpers.js | |||
@@ -0,0 +1,15 @@ | |||
1 | import { URL } from 'url'; | ||
2 | |||
3 | import { ALLOWED_PROTOCOLS } from '../config'; | ||
4 | |||
5 | const debug = require('debug')('Franz:Helpers:url'); | ||
6 | |||
7 | export function isValidExternalURL(url) { | ||
8 | const parsedUrl = new URL(url); | ||
9 | |||
10 | const isAllowed = ALLOWED_PROTOCOLS.includes(parsedUrl.protocol); | ||
11 | |||
12 | debug('protocol check is', isAllowed, 'for:', url); | ||
13 | |||
14 | return isAllowed; | ||
15 | } | ||