diff --git a/common/src/misc/tldjs.noop.ts b/common/src/misc/tldjs.noop.ts index 74a02918fb..b3bd6db774 100644 --- a/common/src/misc/tldjs.noop.ts +++ b/common/src/misc/tldjs.noop.ts @@ -1,3 +1,7 @@ export function getDomain(host: string): string | null { return null; } + +export function isValid(host: string): boolean { + return true; +} diff --git a/common/src/misc/utils.ts b/common/src/misc/utils.ts index 5e87d1e7c2..375a58c92e 100644 --- a/common/src/misc/utils.ts +++ b/common/src/misc/utils.ts @@ -221,6 +221,11 @@ export class Utils { if (httpUrl) { try { const url = Utils.getUrlObject(uriString); + const validHostname = tldjs?.isValid != null ? tldjs.isValid(url.hostname) : true; + if (!validHostname) { + return null; + } + if (url.hostname === 'localhost' || Utils.validIpAddress(url.hostname)) { return url.hostname; } diff --git a/spec/common/misc/utils.spec.ts b/spec/common/misc/utils.spec.ts index 4c473c14c8..97c3d1e562 100644 --- a/spec/common/misc/utils.spec.ts +++ b/spec/common/misc/utils.spec.ts @@ -33,6 +33,11 @@ describe('Utils Service', () => { expect(Utils.getDomain('https://localhost')).toBe('localhost'); expect(Utils.getDomain('https://192.168.1.1')).toBe('192.168.1.1'); }); + + it('should reject invalid hostnames', () => { + expect(Utils.getDomain('https://mywebsite.com$.mywebsite.com')).toBeNull(); + expect(Utils.getDomain('https://mywebsite.com!.mywebsite.com')).toBeNull(); + }); }); describe('getHostname', () => {