mirror of
https://github.com/oceanprotocol/market.git
synced 2024-12-02 05:57:29 +01:00
sanitize urls as code scanning suggestions (#1412)
* sanitize url on DebugEditMetadata as code scanning suggestion * sanitize urls
parent
89f2521025
commit
1fcc3b1356
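--- /dev/null
+++ b/src/@utils/url.ts
@@ -0,0 +1,10 @@
+export function sanitizeUrl(url: string) {
+const u = decodeURI(url).trim().toLowerCase()
+if (
+u.startsWith('javascript:') ||
+u.startsWith('data:') ||
+u.startsWith('vbscript:')
+)
+return 'about:blank'
+return url
+}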
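Review bot: `decodeURI(url)` on the first line of `sanitizeUrl` throws a `URIError` on a malformed percent sequence and nothing in the function catches it; the call in `Edit` sits inside a `try`, but the one in `DebugEditMetadata` runs in the component body, so a stray `%` in the links field would likely surface as an unhandled exception rather than a validation error. The check is also a denylist of three scheme prefixes, which only covers the spellings it lists; parsing with `new URL()` and comparing `protocol` against the schemes the market actually accepts fails closed instead. The function would also benefit from an explicit `: string` return type and a doc comment stating that rejected inputs are replaced by `about:blank`. The scheme list in the sketch below is a placeholder to be aligned with what the publish and edit forms allow.

```typescript
// Placeholder list: align with the schemes the publish/edit forms accept.
const ALLOWED_PROTOCOLS = ['http:', 'https:']

export function sanitizeUrl(url: string): string {
  try {
    // URL parsing normalises the scheme, so no manual decode/lowercase is needed
    const { protocol } = new URL(url.trim())
    return ALLOWED_PROTOCOLS.includes(protocol) ? url : 'about:blank'
  } catch {
    // unparseable input is rejected rather than passed through
    return 'about:blank'
  }
}
```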
@ -3,6 +3,7 @@ import React, { ReactElement } from 'react'
|
|||||||
import DebugOutput from '@shared/DebugOutput'
|
import DebugOutput from '@shared/DebugOutput'
|
||||||
import { MetadataEditForm } from './_types'
|
import { MetadataEditForm } from './_types'
|
||||||
import { mapTimeoutStringToSeconds } from '@utils/ddo'
|
import { mapTimeoutStringToSeconds } from '@utils/ddo'
|
||||||
|
import { sanitizeUrl } from '@utils/url'
|
||||||
|
|
||||||
export default function DebugEditMetadata({
|
export default function DebugEditMetadata({
|
||||||
values,
|
values,
|
||||||
@ -12,7 +13,8 @@ export default function DebugEditMetadata({
|
|||||||
asset: Asset
|
asset: Asset
|
||||||
}): ReactElement {
|
}): ReactElement {
|
||||||
const linksTransformed = values.links?.length &&
|
const linksTransformed = values.links?.length &&
|
||||||
values.links[0].valid && [values.links[0].url.replace('javascript:', '')]
|
values.links[0].valid && [sanitizeUrl(values.links[0].url)]
|
||||||
|
|
||||||
const newMetadata: Metadata = {
|
const newMetadata: Metadata = {
|
||||||
...asset?.metadata,
|
...asset?.metadata,
|
||||||
name: values.name,
|
name: values.name,
|
||||||
|
@ -23,6 +23,7 @@ import { getOceanConfig } from '@utils/ocean'
|
|||||||
import EditFeedback from './EditFeedback'
|
import EditFeedback from './EditFeedback'
|
||||||
import { useAsset } from '@context/Asset'
|
import { useAsset } from '@context/Asset'
|
||||||
import { setNftMetadata } from '@utils/nft'
|
import { setNftMetadata } from '@utils/nft'
|
||||||
|
import { sanitizeUrl } from '@utils/url'
|
||||||
|
|
||||||
export default function Edit({
|
export default function Edit({
|
||||||
asset
|
asset
|
||||||
@ -64,9 +65,7 @@ export default function Edit({
|
|||||||
) {
|
) {
|
||||||
try {
|
try {
|
||||||
const linksTransformed = values.links?.length &&
|
const linksTransformed = values.links?.length &&
|
||||||
values.links[0].valid && [
|
values.links[0].valid && [sanitizeUrl(values.links[0].url)]
|
||||||
values.links[0].url.replace('javascript:', '')
|
|
||||||
]
|
|
||||||
const updatedMetadata: Metadata = {
|
const updatedMetadata: Metadata = {
|
||||||
...asset.metadata,
|
...asset.metadata,
|
||||||
name: values.name,
|
name: values.name,
|
||||||
|
@ -31,6 +31,7 @@ import {
|
|||||||
publisherMarketPoolSwapFee,
|
publisherMarketPoolSwapFee,
|
||||||
publisherMarketFixedSwapFee
|
publisherMarketFixedSwapFee
|
||||||
} from '../../../app.config'
|
} from '../../../app.config'
|
||||||
|
import { sanitizeUrl } from '@utils/url'
|
||||||
|
|
||||||
export function getFieldContent(
|
export function getFieldContent(
|
||||||
fieldName: string,
|
fieldName: string,
|
||||||
@ -95,9 +96,9 @@ export async function transformPublishFormToDdo(
|
|||||||
|
|
||||||
// Transform from files[0].url to string[] assuming only 1 file
|
// Transform from files[0].url to string[] assuming only 1 file
|
||||||
const filesTransformed = files?.length &&
|
const filesTransformed = files?.length &&
|
||||||
files[0].valid && [files[0].url.replace('javascript:', '')]
|
files[0].valid && [sanitizeUrl(files[0].url)]
|
||||||
const linksTransformed = links?.length &&
|
const linksTransformed = links?.length &&
|
||||||
links[0].valid && [links[0].url.replace('javascript:', '')]
|
links[0].valid && [sanitizeUrl(links[0].url)]
|
||||||
|
|
||||||
const newMetadata: Metadata = {
|
const newMetadata: Metadata = {
|
||||||
created: currentTime,
|
created: currentTime,
|
||||||
|
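Review bot: When `sanitizeUrl` rejects the scheme, `filesTransformed` becomes `['about:blank']` and the transform carries on, so a rejected file URL is presumably written into the DDO instead of stopping the publish. For the file entry in particular it seems safer to treat a rejected URL as a validation failure, e.g. `if (sanitizeUrl(files[0].url) !== files[0].url) throw new Error('Unsupported file URL scheme')`, or to enforce the same rule in the form schema so that `valid` is already false. A short comment above these two lines noting that only the first entry of each array is sanitized, in line with the existing `assuming only 1 file` remark, would help too. The rest of `transformPublishFormToDdo` is outside the hunk, so how the arrays are consumed is not visible here.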