do not allow view-source

spatie · Dec 16, 2024 · f791ce0 · f791ce0
1 parent 10a744d
commit f791ce0
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/src/Browsershot.php b/src/Browsershot.php
@@ -259,7 +259,13 @@ public function setUrl(string $url): static
     {
         $url = trim($url);
 
-        $unsupportedProtocols = ['file://', 'file:/', 'file:\\', 'file:\\\\'];
+        $unsupportedProtocols = [
+            'file://',
+            'file:/',
+            'file:\\',
+            'file:\\\\',
+            'view-source',
+        ];
 
         foreach ($unsupportedProtocols as $unsupportedProtocol) {
             if (str_starts_with(strtolower($url), $unsupportedProtocol)) {

diff --git a/tests/BrowsershotTest.php b/tests/BrowsershotTest.php
@@ -56,9 +56,12 @@
     Browsershot::url($url);
 })->throws(FileUrlNotAllowed::class)->with([
     'file://test',
+    'File://test',
     'file:/test',
     'file:\test',
     'file:\\test',
+    'view-source',
+    'View-Source'
 ]);
 
 it('will not allow a file url that has leading spaces', function () {