From 1563a1b20f72846d617a88510970d0426ab880d3 Mon Sep 17 00:00:00 2001
From: Timothy Carambat <rambat1010@gmail.com>
Date: Thu, 11 Jan 2024 12:29:00 -0800
Subject: [PATCH] Strict link protocol validation (#577)

---
 collector/utils/url/index.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/collector/utils/url/index.js b/collector/utils/url/index.js
index 3a7f90721..419c02c25 100644
--- a/collector/utils/url/index.js
+++ b/collector/utils/url/index.js
@@ -1,6 +1,9 @@
+const VALID_PROTOCOLS = ["https:", "http:"];
+
 function validURL(url) {
   try {
-    new URL(url);
+    const destination = new URL(url);
+    if (!VALID_PROTOCOLS.includes(destination.protocol)) return false;
     return true;
   } catch {}
   return false;
-- 
GitLab