jazzymc/homarr
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat: allow custom protocols for app href (#2575)

Browse Source 
Co-authored-by: Manuel <30572287+manuel-rw@users.noreply.github.com>
Co-authored-by: Meier Lukas <meierschlumpf@gmail.com>
This commit is contained in:
Frank van Hoof
2025-05-23 22:19:59 +02:00
committed by GitHub
parent 71516e02c0
commit 09af0a76f6
2 changed files with 27 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
packages/validation/src/app.ts
View File

@@ -4,7 +4,7 @@ export const appHrefSchema = z
.string()
.trim()
.url()
.regex(/^https?:\/\//) // Only allow http and https for security reasons (javascript: is not allowed)
.regex(/^(?!javascript)[a-zA-Z]*:\/\//i) // javascript: is not allowed, i for case insensitive (so Javascript: is also not allowed)
.or(z.literal(""))
.transform((value) => (value.length === 0 ? null : value))
.nullable();