fix: valid-url package for url validation

2026-04-24 05:05:50 +08:00 · 2020-11-05 08:41:43 -08:00
parent 07e0763ab7
commit 2d0664b302
4 changed files with 18 additions and 12 deletions
--- a/packages/app/package.json
+++ b/packages/app/package.json
@@ -59,6 +59,7 @@
    "tsconfig-paths-webpack-plugin": "^3.2.0",
    "use-events": "^1.4.1",
    "use-onclickoutside": "^0.3.1",
+    "valid-url": "^1.0.9",
    "webext-redux": "^2.1.2",
    "webpack-hot-middleware": "^2.25.0"
  },
@@ -84,6 +85,7 @@
    "@types/react-test-renderer": "^16.8.2",
    "@types/segment-analytics": "^0.0.32",
    "@types/styled-components": "5.1.0",
+    "@types/valid-url": "^1.0.3",
    "@types/webpack": "^4.41.11",
    "awesome-typescript-loader": "^5.2.1",
    "babel-loader": "^8.1.0",
--- a/packages/app/src/common/validate-url.ts
+++ b/packages/app/src/common/validate-url.ts
@@ -1,13 +1,7 @@
+import { isUri } from 'valid-url';
+
 // https://stackoverflow.com/a/5717133/1141891
 export function validUrl(str: string) {
-  const pattern = new RegExp(
-    '^(https?:\\/\\/)?' + // protocol
-    '((([a-z\\d]([a-z\\d-]*[a-z\\d])*)\\.)+[a-z]{2,}|' + // domain name
-    '((\\d{1,3}\\.){3}\\d{1,3}))' + // OR ip (v4) address
-    '(\\:\\d+)?(\\/[-a-z\\d%_.~+]*)*' + // port and path
-    '(\\?[;&a-z\\d%_.~+=-]*)?' + // query string
-      '(\\#[-a-z\\d_]*)?$',
-    'i'
-  ); // fragment locator
-  return !!pattern.test(str);
+  const sanitized = isUri(str);
+  return !!sanitized;
 }
--- a/packages/app/src/pages/connect/choose-account.tsx
+++ b/packages/app/src/pages/connect/choose-account.tsx
@@ -67,10 +67,10 @@ export const ChooseAccount: React.FC<ChooseAccountProps> = ({ next }) => {
      !wallet.walletConfig.hideWarningForReusingIdentity &&
      authRequest.scopes.includes('publish_data')
    ) {
-      if (validUrl(authRequest && authRequest.redirect_uri)) {
+      if (!validUrl(authRequest.redirect_uri)) {
        throw new Error('Cannot proceed with malformed url');
      }
-      const url = new URL(authRequest?.redirect_uri);
+      const url = new URL(authRequest.redirect_uri);
      const apps = wallet.walletConfig.identities[identityIndex]?.apps;
      if (apps) {
        let newReusedApps: ConfigApp[] = [];
--- a/yarn.lock
+++ b/yarn.lock
@@ -3283,6 +3283,11 @@
  dependencies:
    source-map "^0.6.1"

+"@types/valid-url@^1.0.3":
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/@types/valid-url/-/valid-url-1.0.3.tgz#a124389fb953559c7f889795a98620e91adb3687"
+  integrity sha512-+33x29mg+ecU88ODdWpqaie2upIuRkhujVLA7TuJjM823cNMbeggfI6NhxewaRaRF8dy+g33e4uIg/m5Mb3xDQ==
+
 "@types/warning@^3.0.0":
  version "3.0.0"
  resolved "https://registry.yarnpkg.com/@types/warning/-/warning-3.0.0.tgz#0d2501268ad8f9962b740d387c4654f5f8e23e52"
@@ -15956,6 +15961,11 @@ v8-to-istanbul@^4.1.3:
    convert-source-map "^1.6.0"
    source-map "^0.7.3"

+valid-url@^1.0.9:
+  version "1.0.9"
+  resolved "https://registry.yarnpkg.com/valid-url/-/valid-url-1.0.9.tgz#1c14479b40f1397a75782f115e4086447433a200"
+  integrity sha1-HBRHm0DxOXp1eC8RXkCGRHQzogA=
+
 validate-npm-package-license@^3.0.1, validate-npm-package-license@^3.0.3:
  version "3.0.4"
  resolved "https://registry.yarnpkg.com/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz#fc91f6b9c7ba15c857f4cb2c5defeec39d4f410a"