Handle relative urls in image upload sanatize

The-Best-Codes · Dec 2, 2024 · edecf8e · edecf8e
1 parent d5d7207
commit edecf8e
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/public/pages/index/modules/upload.js b/public/pages/index/modules/upload.js
@@ -136,13 +136,16 @@ export class UploadManager {
 
     sanitizeUrl(url) {
         try {
-            // Create a URL object to validate the URL
+            // Handle relative URLs
+            if (url.startsWith('/')) {
+                return encodeURI(url);
+            }
+
+            // For absolute URLs, validate the protocol
             const parsedUrl = new URL(url);
-            // Only allow specific protocols
             if (!['http:', 'https:'].includes(parsedUrl.protocol)) {
                 throw new Error('Invalid URL protocol');
             }
-            // Encode the URL components to prevent XSS
             return encodeURI(url);
         } catch (e) {
             console.error('Invalid URL:', e);