xTr1m/GameList
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Validate screenshot URLs server- and client-side

Browse Source
This commit is contained in:
Frank Tovar
2026-01-29 01:39:23 +01:00
parent 480c2a6e49
commit 5b62640b76
3 changed files with 39 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
wwwroot/app.js
View File

@@ -296,6 +296,9 @@ function setupHandlers() {
const form = e.target;
const data = Object.fromEntries(new FormData(form).entries());
if (!data.name) return toast("Name required", true);
if (data.screenshotUrl && !isValidImageUrl(data.screenshotUrl)) {
return toast("Screenshot URL must be http(s) and end with an image file.", true);
}
try {
await api.createSuggestion(data);
form.reset();
@@ -468,6 +471,9 @@ function openEditModal(s) {
form?.addEventListener("submit", async (e) => {
e.preventDefault();
const data = Object.fromEntries(new FormData(form).entries());
if (data.screenshotUrl && !isValidImageUrl(data.screenshotUrl)) {
return toast("Screenshot URL must be http(s) and end with an image file.", true);
}
if (!data.name?.trim()) return toast("Name required", true);
try {
await api.updateSuggestion(s.id, data);
@@ -516,3 +522,16 @@ async function main() {
}
main();
function isValidImageUrl(url) {
if (!url) return true;
try {
const u = new URL(url);
const allowed = ["http:", "https:"];
if (!allowed.includes(u.protocol)) return false;
const path = u.pathname.toLowerCase();
return [".png", ".jpg", ".jpeg", ".gif", ".webp", ".avif"].some(ext => path.endsWith(ext));
} catch {
return false;
}
}