verify that preview URL is valid
This commit is contained in:
@@ -65,7 +65,7 @@ export class UrlPreviewService {
|
||||
reply: FastifyReply,
|
||||
): Promise<object | undefined> {
|
||||
const url = request.query.url;
|
||||
if (typeof url !== 'string') {
|
||||
if (typeof url !== 'string' || !URL.canParse(url)) {
|
||||
reply.code(400);
|
||||
return;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user