From 6e5531ae16d69087856ce7f174ba465bc759394c Mon Sep 17 00:00:00 2001
From: Stefan Malzner
Date: Tue, 5 Mar 2019 16:20:40 +0100
Subject: feat(App): Add security checks for external URLs
---
src/helpers/url-helpers.js | 15 +++++++++++++++
1 file changed, 15 insertions(+)
create mode 100644 src/helpers/url-helpers.js
(limited to 'src/helpers/url-helpers.js')
diff --git a/src/helpers/url-helpers.js b/src/helpers/url-helpers.js
new file mode 100644
index 000000000..750d1f00c
--- /dev/null
+++ b/src/helpers/url-helpers.js
@@ -0,0 +1,15 @@
+import { URL } from 'url';
+
+import { ALLOWED_PROTOCOLS } from '../config';
+
+const debug = require('debug')('Franz:Helpers:url');
+
+export function isValidExternalURL(url) {
+ const parsedUrl = new URL(url);
+
+ const isAllowed = ALLOWED_PROTOCOLS.includes(parsedUrl.protocol);
+
+ debug('protocol check is', isAllowed, 'for:', url);
+
+ return isAllowed;
+}
--
cgit v1.2.3-54-g00ecf
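Review bot: `new URL(url)` in `isValidExternalURL` throws a `TypeError` for a relative or malformed string, so the helper raises instead of returning `false` on exactly the input it is meant to reject; whether callers catch that is not visible in this patch. Wrapping the parse in a try/catch and failing closed keeps the function a plain boolean predicate. Separately, `parsedUrl.protocol` is lowercased and carries the trailing colon (`https:`), so the entries of `ALLOWED_PROTOCOLS` in `../config` (not shown here) need that exact form, and a short comment saying so above the `includes` call would help. The `debug` call also logs the full URL, which may carry tokens or credentials in its query string or userinfo part.

```javascript
export function isValidExternalURL(url) {
  let parsedUrl;
  try {
    parsedUrl = new URL(url);
  } catch (err) {
    // Unparsable input is never a valid external URL: fail closed.
    debug('rejecting unparsable URL');
    return false;
  }
  // … unchanged: protocol allow-list check, debug output, return isAllowed …
}
```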