[Fix] URL inputs to not submit numeric hostnames and url without domain #6482
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
PR Summary
The changes enhance URL validation to prevent numeric hostnames and URLs without a top-level domain (TLD) from being considered valid.
- Modified
packages/twenty-front/src/utils/validation-schemas/absoluteUrlSchema.tsto include checks for numeric-only strings and ensure the presence of a TLD. - Updated
absoluteUrlSchemato transform input strings and validate them against new criteria, addressing the issue of numeric strings being interpreted as IP addresses.
1 file(s) reviewed, 3 comment(s)
Edit PR Review Bot Settings
|
Hey twenty team, I'm Nabhag, not sure whom to Tag, @Weiko @Bonapara @FelixMalfait I have few more questions before we can review this:
|
|
also I see, should links support something like localhost:3000 <- is this the edge case or overkill ? is there any other case y'all have in mind? |
|
Thanks @Nabhag8848 for your contribution! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
ISSUE (BUG)
Description
When given a string like https://300, it interprets 300 as the hostname, which it then converts to an IP address, what i did was to check if the entire string (ignoring the protocol ) is number then don't submit it all within zod and it makes sense to do that cause.
The range for valid 32-bit unsigned integers is 0 to 4294967295 (which corresponds to 0.0.0.0 to 255.255.255.255) so other than this numbers by default URL objects throws invalid.
Screen.Recording.2024-08-01.at.1.25.30.AM.mov