From 39ed67d667cd75262c8d90216c9c5e855232f9fb Mon Sep 17 00:00:00 2001 From: Lorenzo Alberto Maria Ambrosi Date: Fri, 24 Apr 2020 15:04:24 +0200 Subject: [PATCH] Allow http/https only for Flash from URL Change-type: patch Changelog-entry: Allow http/https only for Flash from URL Signed-off-by: Lorenzo Alberto Maria Ambrosi --- .../source-selector/source-selector.tsx | 15 ++++++++++++++- lib/shared/messages.ts | 4 ++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/lib/gui/app/components/source-selector/source-selector.tsx b/lib/gui/app/components/source-selector/source-selector.tsx index 571ec283..9fe329eb 100644 --- a/lib/gui/app/components/source-selector/source-selector.tsx +++ b/lib/gui/app/components/source-selector/source-selector.tsx @@ -47,7 +47,7 @@ import { SVGIcon } from '../svg-icon/svg-icon'; const recentUrlImagesKey = 'recentUrlImages'; -function normalizeRecentUrlImages(urls: any[]): string[] { +function normalizeRecentUrlImages(urls: any): string[] { if (!Array.isArray(urls)) { urls = []; } @@ -362,6 +362,19 @@ export class SourceSelector extends React.Component< path: imagePath, }); } else { + if ( + !_.startsWith(imagePath, 'https://') && + !_.startsWith(imagePath, 'http://') + ) { + const invalidImageError = errors.createUserError({ + title: 'Unsupported protocol', + description: messages.error.unsupportedProtocol(), + }); + + osDialog.showError(invalidImageError); + analytics.logEvent('Unsupported protocol', { path: imagePath }); + return; + } source = new sourceDestination.Http(imagePath); } diff --git a/lib/shared/messages.ts b/lib/shared/messages.ts index e6391082..50482f17 100644 --- a/lib/shared/messages.ts +++ b/lib/shared/messages.ts @@ -191,4 +191,8 @@ export const error = { 'Please try again, and contact the Etcher team if the problem persists.', ].join(' '); }, + + unsupportedProtocol: () => { + return 'Only http:// and https:// URLs are supported.'; + }, };