feat(App): Add security checks for external URLs

author: Stefan Malzner <stefan@adlk.io> 2019-03-05 16:20:40 +0100
committer: Stefan Malzner <stefan@adlk.io> 2019-03-05 16:20:40 +0100
commit: 6e5531ae16d69087856ce7f174ba465bc759394c (patch)
tree: 510ab3208f045dbe574b53123c752b9d9349d5a3 /src/helpers/url-helpers.js
parent: Merge branch 'develop' of https://github.com/meetfranz/franz into develop (diff)
download: ferdium-app-6e5531ae16d69087856ce7f174ba465bc759394c.tar.gz
ferdium-app-6e5531ae16d69087856ce7f174ba465bc759394c.tar.zst
ferdium-app-6e5531ae16d69087856ce7f174ba465bc759394c.zip
1 files changed, 15 insertions, 0 deletions
diff --git a/src/helpers/url-helpers.js b/src/helpers/url-helpers.js
new file mode 100644
index 000000000..750d1f00c
--- /dev/null
+++ b/src/helpers/url-helpers.js
@@ -0,0 +1,15 @@
+import { URL } from 'url';
+import { ALLOWED_PROTOCOLS } from '../config';
+const debug = require('debug')('Franz:Helpers:url');
+export function isValidExternalURL(url) {
+  const parsedUrl = new URL(url);
+  const isAllowed = ALLOWED_PROTOCOLS.includes(parsedUrl.protocol);
+  debug('protocol check is', isAllowed, 'for:', url);
+  return isAllowed;
+}
author	Stefan Malzner <stefan@adlk.io>	2019-03-05 16:20:40 +0100
committer	Stefan Malzner <stefan@adlk.io>	2019-03-05 16:20:40 +0100
commit	6e5531ae16d69087856ce7f174ba465bc759394c (patch)
tree	510ab3208f045dbe574b53123c752b9d9349d5a3 /src/helpers/url-helpers.js
parent	Merge branch 'develop' of https://github.com/meetfranz/franz into develop (diff)
download	ferdium-app-6e5531ae16d69087856ce7f174ba465bc759394c.tar.gz ferdium-app-6e5531ae16d69087856ce7f174ba465bc759394c.tar.zst ferdium-app-6e5531ae16d69087856ce7f174ba465bc759394c.zip

diff --git a/src/helpers/url-helpers.js b/src/helpers/url-helpers.js new file mode 100644 index 000000000..750d1f00c --- /dev/null +++ b/src/helpers/url-helpers.js
@@ -0,0 +1,15 @@
	1	import { URL } from 'url';
	2
	3	import { ALLOWED_PROTOCOLS } from '../config';
	4
	5	const debug = require('debug')('Franz:Helpers:url');
	6
	7	export function isValidExternalURL(url) {
	8	const parsedUrl = new URL(url);
	9
	10	const isAllowed = ALLOWED_PROTOCOLS.includes(parsedUrl.protocol);
	11
	12	debug('protocol check is', isAllowed, 'for:', url);
	13
	14	return isAllowed;
	15	}