Another validation (#1283)

* Simple pre check for `@icon` NOTES: * Will compress args to an object later for clarity Auto-merge
OpenUserJS · Nov 22, 2017 · a1f443d · a1f443d
1 parent 9fb76fd
commit a1f443d
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 4 deletions.
diff --git a/controllers/scriptStorage.js b/controllers/scriptStorage.js
@@ -1174,6 +1174,7 @@ exports.storeScript = function (aUser, aMeta, aBuf, aUpdate, aCallback) {
   var supportURL = null;
   var homepageURLS = null;
   var homepageURL = null;
+  var icon = null;
   var match = null;
   var rLibrary = new RegExp(
     '^(?:(?:(?:https?:)?\/\/' +
@@ -1369,14 +1370,29 @@ exports.storeScript = function (aUser, aMeta, aBuf, aUpdate, aCallback) {
   }
 
 
+  // `@icon` validations
+  icon = findMeta(aMeta, 'UserScript.icon.0.value');
+  if (icon) {
+    if (!isFQUrl(icon, false, true)) {
+
+      // Not a web url... reject
+      aCallback(new statusError({
+        message: '`@icon` not a web url or image data URI in the UserScript metadata block.',
+        code: 400
+      }), null);
+      return;
+    }
+  }
+
+
   // `@supportURL` validations
   supportURL = findMeta(aMeta, 'UserScript.supportURL.0.value');
   if (supportURL) {
     if (!isFQUrl(supportURL, true)) {
 
       // Not a web url... reject
       aCallback(new statusError({
-        message: '`@supportURL` not a web url in the UserScript metadata block.',
+        message: '`@supportURL` not a web url or mailto in the UserScript metadata block.',
         code: 400
       }), null);
       return;

diff --git a/libs/helpers.js b/libs/helpers.js
@@ -148,7 +148,7 @@ exports.updateUrlQueryString = function (aBaseUrl, aDict) {
   return url;
 };
 
-exports.isFQUrl = function (aString, aEmail) {
+exports.isFQUrl = function (aString, aMailto, aDataImg) {
   var URL = url.parse(aString);
 
   var protocol = URL.protocol;
@@ -180,7 +180,9 @@ exports.isFQUrl = function (aString, aEmail) {
 
       return target === source;
     }
-  } else if (aEmail && /^mailto:\S+@\S+/.test(aString)) {
+  } else if (aMailto && /^mailto:\S+@\S+/.test(aString)) {
+    return true;
+  } else if (aDataImg && /^data:image\//.test(aString)) {
     return true;
   }
 

diff --git a/views/pages/newScriptPage.html b/views/pages/newScriptPage.html
@@ -98,6 +98,7 @@ <h5 class="panel-title">
                   <p>Specially formatted on the script page. All values shown in reverse order. If absent <a href="https://spdx.org/licenses/MIT.html"><code>MIT</code></a> <a href="https://opensource.org/licenses/MIT">License <em>(Expat)</em></a> is implied. See <a href="/about/Terms-of-Service#licensing">licensing terms</a> for specifics.</p>
                   <p><strong><code>License Type</code> component is required</strong> using at least one <a href="https://opensource.org/licenses/category">OSI approved</a> <a href="https://spdx.org/licenses/">SPDX short identifier</a> and must be the primary, last, <code>@license</code> key. Single short ids are accepted only per license key. e.g. No conjunctions like <code>AND</code> or <code>OR</code>. These are handled by multiple <code>@license</code> keys.</p>
                   <p><strong><code>; License Homepage</code> component is currently optional</strong></p>
+                  <p>A url of http or https.</p>
                   <p>Single Licensed Example <em>(No specific document license web reference)</em>:
                     <pre class="small"><code>// ==UserScript==</code><br /><code>// ...</code><br />{{#newJSLibrary}}<code>// ==UserLibrary==</code><br />{{/newJSLibrary}}<code>// @license MIT</code><br /><code>// ...</code><br /><code>// ==/UserScript==</code>{{#newJSLibrary}}<br /><code>// ==/UserLibrary==</code><br />{{/newJSLibrary}}</pre>
                   </p>
@@ -119,7 +120,7 @@ <h5 class="panel-title">
               </div>
               <div id="collapse-icon" class="panel-collapse collapse">
                 <div class="panel-body">
-                  <p>A url of http, https, or <a href="https://www.wikipedia.org/wiki/Data_URI_scheme">data uri</a>.</p>
+                  <p>A url of http, https, or an image <a href="https://www.wikipedia.org/wiki/Data_URI_scheme">data uri</a>.</p>
                   <p>Resolution should be near 48px by 48px.</p>
                   <p>Used in the script list page at 16px and on the script page at ~45px.</p>
                   <p>Last value is shown.</p>