From d4ca381c3811c8e8196fa0d6fd83093b70c6b028 Mon Sep 17 00:00:00 2001
From: "yanlong.wang" <yanlong.wang@naiver.org>
Date: Thu, 18 Apr 2024 15:35:06 +0800
Subject: [PATCH] fix: explicitly reject non http protocols

---
 backend/functions/src/cloud-functions/crawler.ts | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/backend/functions/src/cloud-functions/crawler.ts b/backend/functions/src/cloud-functions/crawler.ts
index 11bd4e4..46c21a7 100644
--- a/backend/functions/src/cloud-functions/crawler.ts
+++ b/backend/functions/src/cloud-functions/crawler.ts
@@ -195,6 +195,12 @@ ${this.content}
         let urlToCrawl;
         try {
             urlToCrawl = new URL(normalizeUrl(noSlashURL.trim(), { stripWWW: false, removeTrailingSlash: false, removeSingleSlash: false }));
+            if (urlToCrawl.protocol !== 'http:' && urlToCrawl.protocol !== 'https:') {
+                throw new ParamValidationError({
+                    message: `Invalid protocol ${urlToCrawl.protocol}`,
+                    path: 'url'
+                });
+            }
         } catch (err) {
             throw new ParamValidationError({
                 message: `${err}`,