gh-mirrors/paperless-ngx
1
0
Fork 1
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2025-12-23 03:21:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
84c59f45dae74a6193424f23902ac181334e1670
paperless-ngx/src-ui/src/app/pipes/safeurl.pipe.ts
shamoon 84c59f45da Chore: harden SafeUrlPipe
2025-12-18 06:30:58 -08:00

31 lines
1013 B
TypeScript
Raw Blame History

import { Pipe, PipeTransform, inject } from '@angular/core'
import { DomSanitizer } from '@angular/platform-browser'
import { environment } from 'src/environments/environment'
@Pipe({
name: 'safeUrl',
})
export class SafeUrlPipe implements PipeTransform {
private sanitizer = inject(DomSanitizer)
transform(url: string | null) {
if (!url) return this.sanitizer.bypassSecurityTrustResourceUrl('')
try {
const parsed = new URL(url, window.location.origin)
const allowedOrigins = new Set([
window.location.origin,
new URL(environment.apiBaseUrl).origin,
])
const isHttp = ['http:', 'https:'].includes(parsed.protocol)
const originAllowed = allowedOrigins.has(parsed.origin)
if (!isHttp || !originAllowed) {
return this.sanitizer.bypassSecurityTrustResourceUrl('')
}
return this.sanitizer.bypassSecurityTrustResourceUrl(parsed.toString())
} catch {
return this.sanitizer.bypassSecurityTrustResourceUrl('')
}
}
}
Reference in New Issue View Git Blame Copy Permalink