mirror of
https://github.com/oceanprotocol/market.git
synced 2024-12-02 05:57:29 +01:00
sanitize urls as code scanning suggestions (#1412)
* sanitize url on DebugEditMetadata as code scanning suggestion * sanitize urls
parent
89f2521025
commit
1fcc3b1356
10
src/@utils/url.ts
Normal file
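--- a/src/@utils/url.ts
+++ b/src/@utils/url.ts
@@ -0,0 +1,10 @@
+export function sanitizeUrl(url: string) {
+const u = decodeURI(url).trim().toLowerCase()
+if (
+u.startsWith('javascript:') ||
+u.startsWith('data:') ||
+u.startsWith('vbscript:')
+)
+return 'about:blank'
+return url
+}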
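Review bot: `decodeURI(url)` on the first line of `sanitizeUrl` throws a `URIError` for any input with a malformed percent sequence (a lone `%`, for example), so a user-typed URL can make the callers throw instead of being sanitised. The prefix test also only trims the two ends, while browsers ignore ASCII tab and newline characters inside a URL, so the comparison should run on a copy with whitespace and control characters removed. The fence below falls back to the raw string when decoding fails and normalises before the check; an allowlist of the schemes the market actually accepts would be stricter still, if that list is known. An explicit `: string` return type would also document the contract.

```typescript
export function sanitizeUrl(url: string): string {
  let decoded = url
  try {
    decoded = decodeURI(url)
  } catch {
    // malformed percent-encoding: check the raw string instead of throwing
  }
  // compare on a copy without whitespace/control characters, which browsers
  // skip when parsing a URL
  const u = decoded.replace(/[\u0000-\u0020]/g, '').toLowerCase()
  // … unchanged: javascript:/data:/vbscript: prefix checks and returns …
}
```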
|
@ -3,6 +3,7 @@ import React, { ReactElement } from 'react'
|
||||
import DebugOutput from '@shared/DebugOutput'
|
||||
import { MetadataEditForm } from './_types'
|
||||
import { mapTimeoutStringToSeconds } from '@utils/ddo'
|
||||
import { sanitizeUrl } from '@utils/url'
|
||||
|
||||
export default function DebugEditMetadata({
|
||||
values,
|
||||
@ -12,7 +13,8 @@ export default function DebugEditMetadata({
|
||||
asset: Asset
|
||||
}): ReactElement {
|
||||
const linksTransformed = values.links?.length &&
|
||||
values.links[0].valid && [values.links[0].url.replace('javascript:', '')]
|
||||
values.links[0].valid && [sanitizeUrl(values.links[0].url)]
|
||||
|
||||
const newMetadata: Metadata = {
|
||||
...asset?.metadata,
|
||||
name: values.name,
|
||||
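Review bot: When `sanitizeUrl` rejects the link, `linksTransformed` becomes `['about:blank']` and is spread into `newMetadata` as if it were the user's own link, so a rejected URL is silently replaced rather than reported or dropped. The same substitution happens in the `Edit` hunk (`updatedMetadata`) and in `transformPublishFormToDdo`, where `filesTransformed` would presumably carry `about:blank` as the asset's file URL. Treating a rejected value as invalid input looks safer, for example `values.links[0].valid && sanitizeUrl(values.links[0].url) !== 'about:blank' && [values.links[0].url]`, or better a check in the form validation, which is not visible here. The bodies of all three functions continue outside their hunks, so how the arrays are consumed later should be confirmed.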
|
@ -23,6 +23,7 @@ import { getOceanConfig } from '@utils/ocean'
|
||||
import EditFeedback from './EditFeedback'
|
||||
import { useAsset } from '@context/Asset'
|
||||
import { setNftMetadata } from '@utils/nft'
|
||||
import { sanitizeUrl } from '@utils/url'
|
||||
|
||||
export default function Edit({
|
||||
asset
|
||||
@ -64,9 +65,7 @@ export default function Edit({
|
||||
) {
|
||||
try {
|
||||
const linksTransformed = values.links?.length &&
|
||||
values.links[0].valid && [
|
||||
values.links[0].url.replace('javascript:', '')
|
||||
]
|
||||
values.links[0].valid && [sanitizeUrl(values.links[0].url)]
|
||||
const updatedMetadata: Metadata = {
|
||||
...asset.metadata,
|
||||
name: values.name,
|
||||
|
@ -31,6 +31,7 @@ import {
|
||||
publisherMarketPoolSwapFee,
|
||||
publisherMarketFixedSwapFee
|
||||
} from '../../../app.config'
|
||||
import { sanitizeUrl } from '@utils/url'
|
||||
|
||||
export function getFieldContent(
|
||||
fieldName: string,
|
||||
@ -95,9 +96,9 @@ export async function transformPublishFormToDdo(
|
||||
|
||||
// Transform from files[0].url to string[] assuming only 1 file
|
||||
const filesTransformed = files?.length &&
|
||||
files[0].valid && [files[0].url.replace('javascript:', '')]
|
||||
files[0].valid && [sanitizeUrl(files[0].url)]
|
||||
const linksTransformed = links?.length &&
|
||||
links[0].valid && [links[0].url.replace('javascript:', '')]
|
||||
links[0].valid && [sanitizeUrl(links[0].url)]
|
||||
|
||||
const newMetadata: Metadata = {
|
||||
created: currentTime,
|
||||
|