add: simple validation and sanitizing

2026-03-05 15:04:12 +01:00
parent d046c66bc7
commit 9f8ae9a972
7 changed files with 160 additions and 14 deletions
--- a/src/routes/api/scrape-images/+server.ts
+++ b/src/routes/api/scrape-images/+server.ts
@@ -1,6 +1,22 @@
 import { json } from '@sveltejs/kit';
 import type { RequestHandler } from './$types';

+function isValidUrl(urlString: string): boolean {
+	try {
+		const url = new URL(urlString);
+		if (!['http:', 'https:'].includes(url.protocol)) {
+			return false;
+		}
+		const hostname = url.hostname.toLowerCase();
+		if (hostname === 'localhost' || hostname === '127.0.0.1' || hostname === '::1') {
+			return false;
+		}
+		return true;
+	} catch {
+		return false;
+	}
+}
+
 export const POST: RequestHandler = async ({ request }) => {
 	const { url } = await request.json();

@@ -8,6 +24,10 @@ export const POST: RequestHandler = async ({ request }) => {
 		return json({ error: 'URL is required' }, { status: 400 });
 	}

+	if (!isValidUrl(url)) {
+		return json({ error: 'Invalid URL' }, { status: 400 });
+	}
+
 	try {
 		const response = await fetch(url, {
 			headers: {