chore: add try/catch loop

seaerchin · seaerchin · commit 081f8fd534ce · 2025-12-09T12:44:42.000+08:00
we do this so that if there's a drift in validation we can still return
a result
diff --git a/src/shared/util/validation.ts b/src/shared/util/validation.ts
@@ -47,9 +47,17 @@ export function isValidUrl(url: string, useWhitelist = false): boolean {
   if (useWhitelist && isWhitelisted(url)) return true
   if (!validator.isURL(url, URL_OPTS)) return false
 
-  // NOTE: check whether it's an IP
-  const host = new URL(url).hostname
-  return !validator.isIP(host)
+  // NOTE: Reject URLs with IP addresses to prevent the use of internal or private IPs
+  // as long URLs. This is a security measure to mitigate risks such as
+  // Server-Side Request Forgery (SSRF) and unauthorized access to internal resources.
+  try {
+    // NOTE: try/catch to avoid drifts in validation
+    // between validator library and `URL` constructor
+    const host = new URL(url).hostname
+    return !validator.isIP(host)
+  } catch {
+    return false
+  }
 }
 
 // Tests if a short link consists of alphanumeric and hyphen characters.
