From ea965847dcd8de09f99b9e9dd3638032e0a1faf3 Mon Sep 17 00:00:00 2001
From: Gabe Kangas
Date: Tue, 16 Feb 2021 11:24:54 -0800
Subject: [PATCH] Change how URLs are validated. Closes https://github.com/owncast/owncast/issues/728
---
 web/utils/urls.ts | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/web/utils/urls.ts b/web/utils/urls.ts
index b03a978f6..537a8e863 100644
--- a/web/utils/urls.ts
+++ b/web/utils/urls.ts
@@ -1,4 +1,14 @@
 export function isValidUrl(url: string): boolean {
- const pattern = /^(?:(?:https?|ftp):\/\/)?(?:(?!(?:10|127)(?:\.\d{1,3}){3})(?!(?:169\.254|192\.168)(?:\.\d{1,3}){2})(?!172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2})(?:[1-9]\d?|1\d\d|2[01]\d|22[0-3])(?:\.(?:1?\d{1,2}|2[0-4]\d|25[0-5])){2}(?:\.(?:[1-9]\d?|1\d\d|2[0-4]\d|25[0-4]))|(?:(?:[a-z\u00a1-\uffff0-9]-*)*[a-z\u00a1-\uffff0-9]+)(?:\.(?:[a-z\u00a1-\uffff0-9]-*)*[a-z\u00a1-\uffff0-9]+)*(?:\.(?:[a-z\u00a1-\uffff]{2,})))(?::\d{2,5})?(?:\/\S*)?$/i;
- return !!pattern.test(url);
+ const validProtocols = ['http:', 'https:'];
+
+ try {
+ const validationObject = new URL(url);
+ if (validationObject.protocol === '' || validationObject.hostname === '' || !validProtocols.includes(validationObject.protocol)) {
+ return false
+ }
+ } catch(e) {
+ return false;
+ }
+
+ return true
 }
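Review bot: The new `isValidUrl` no longer rejects loopback, private-range or link-local IPv4 literals, which the removed pattern excluded through its `(?!(?:10|127)…)`, `169\.254|192\.168` and `172\.(1[6-9]|…)` lookaheads; any parseable `http:`/`https:` URL with a non-empty hostname now returns true. The callers are outside this hunk, and the file sits under `web/`, so this is presumably a browser-side form check; if any validated value is later fetched by the server, the address restriction has to be enforced there at request time rather than assumed from this helper. I would record the narrower contract on the function, e.g. `/** Syntax check only: true for any parseable http(s) URL, including private and loopback hosts; not an allow-list. */`. Separately, `validationObject.protocol === ''` is already covered by `!validProtocols.includes(validationObject.protocol)` and can be dropped.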