62 lines
2.1 KiB
Diff
62 lines
2.1 KiB
Diff
diff --git a/dist/index.js b/dist/index.js
|
|
index 9aa8e83684777e860d905ff7a6895995a7347a4f..820797581ac2a33e731e139da3ebc98b4d93fdcf 100644
|
|
--- a/dist/index.js
|
|
+++ b/dist/index.js
|
|
@@ -395,10 +395,13 @@ function validateDownloadUrl(url) {
|
|
message: `Invalid URL: ${url}`
|
|
});
|
|
}
|
|
+ if (parsed.protocol === "data:") {
|
|
+ return;
|
|
+ }
|
|
if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
|
|
throw new DownloadError({
|
|
url,
|
|
- message: `URL scheme must be http or https, got ${parsed.protocol}`
|
|
+ message: `URL scheme must be http, https, or data, got ${parsed.protocol}`
|
|
});
|
|
}
|
|
const hostname = parsed.hostname;
|
|
diff --git a/dist/index.mjs b/dist/index.mjs
|
|
index 095fdc188b1d7f227b42591c78ecb71fe2e2cf8b..ca5227d3b6e358aea8ecd85782a0a2b48130a2c9 100644
|
|
--- a/dist/index.mjs
|
|
+++ b/dist/index.mjs
|
|
@@ -299,10 +299,13 @@ function validateDownloadUrl(url) {
|
|
message: `Invalid URL: ${url}`
|
|
});
|
|
}
|
|
+ if (parsed.protocol === "data:") {
|
|
+ return;
|
|
+ }
|
|
if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
|
|
throw new DownloadError({
|
|
url,
|
|
- message: `URL scheme must be http or https, got ${parsed.protocol}`
|
|
+ message: `URL scheme must be http, https, or data, got ${parsed.protocol}`
|
|
});
|
|
}
|
|
const hostname = parsed.hostname;
|
|
diff --git a/src/validate-download-url.ts b/src/validate-download-url.ts
|
|
index 7c026ad6b400aef551ce3a424c343e1cedc60997..6a2f11398e58f80a8e11995ac1ce5f4d7c110561 100644
|
|
--- a/src/validate-download-url.ts
|
|
+++ b/src/validate-download-url.ts
|
|
@@ -18,11 +18,16 @@ export function validateDownloadUrl(url: string): void {
|
|
});
|
|
}
|
|
|
|
- // Only allow http and https protocols
|
|
+ // data: URLs are inline content and do not make network requests.
|
|
+ if (parsed.protocol === 'data:') {
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ // Only allow http and https network protocols
|
|
if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
|
|
throw new DownloadError({
|
|
url,
|
|
- message: `URL scheme must be http or https, got ${parsed.protocol}`,
|
|
+ message: `URL scheme must be http, https, or data, got ${parsed.protocol}`,
|
|
});
|
|
}
|
|
|