θΏ™ζ˜―indexlocζδΎ›ηš„ζœεŠ‘οΌŒδΈθ¦θΎ“ε…₯任何密码
Skip to content

Strict link protocol validation #577

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 11, 2024
Merged

Strict link protocol validation #577

merged 1 commit into from
Jan 11, 2024

Conversation

@timothycarambat
Copy link
Member

@timothycarambat timothycarambat commented Jan 11, 2024

Pull Request Type

  • ✨ feat
  • πŸ› fix
  • ♻️ refactor
  • πŸ’„ style
  • πŸ”¨ chore
  • πŸ“ docs

What is in this change?

Enforce strict link validation to only resolve http and https: type URLs for scraping.

Developer Validations

  • I ran yarn lint from the root of the repo & committed changes
  • Relevant documentation has been updated
  • I have tested my code functionality
  • Docker build succeeds locally

@timothycarambat timothycarambat merged commit 1563a1b into master Jan 11, 2024
@timothycarambat timothycarambat deleted the security/link-protocol-validation branch January 11, 2024 20:29
@review-agent-prime
Copy link

review-agent-prime bot commented Jan 11, 2024

collector/utils/url/index.js

Instead of using an array to store the valid protocols and then using the includes method to check if the protocol is valid, you could use a Set. This would improve the performance of the function, especially if the number of valid protocols increases in the future.
Create Issue
See the diff
Checkout the fix

    const VALID_PROTOCOLS = new Set(["https:", "http:"]);

    function validURL(url) {
      try {
        const destination = new URL(url);
        if (!VALID_PROTOCOLS.has(destination.protocol)) return false;
        return true;
      } catch {}
      return false;
    }
git fetch origin && git checkout -b ReviewBot/Impro-4pudz29 origin/ReviewBot/Impro-4pudz29

AStevensTaylor pushed a commit to PacktDev/anything-llm that referenced this pull request Jan 12, 2024
@timothycarambat @AStevensTaylor
Strict link protocol validation (Mintplex-Labs#577)
86bd4ed
cabwds pushed a commit to cabwds/anything-llm that referenced this pull request Jul 3, 2025
@timothycarambat
Strict link protocol validation (Mintplex-Labs#577)
8b977b4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@timothycarambat