fix: lowercase urls to prevent bypass

seaerchin · seaerchin · commit 969d9f48289c · 2025-12-04T15:04:34.000+08:00
diff --git a/src/shared/util/validation.ts b/src/shared/util/validation.ts
@@ -33,7 +33,7 @@ export function isWhitelisted(url: string): boolean {
 
 // Checks if url is blacklisted.
 export function isBlacklisted(url: string): boolean {
-  return blacklist.some((bl) => url.includes(bl))
+  return blacklist.some((bl) => url.toLowerCase().includes(bl))
 }
 
 // Tests if a URL string begins with https://.

Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ export function isWhitelisted(url: string): boolean {`
`33`	`33`
`34`	`34`	`// Checks if url is blacklisted.`
`35`	`35`	`export function isBlacklisted(url: string): boolean {`
`36`		`- return blacklist.some((bl) => url.includes(bl))`
	`36`	`+ return blacklist.some((bl) => url.toLowerCase().includes(bl))`
`37`	`37`	`}`
`38`	`38`
`39`	`39`	`// Tests if a URL string begins with https://.`