|
|
|
|
@ -31,6 +31,9 @@ function isValidURL(url) {
|
|
|
|
|
if (!['', '443', '80'].includes(url.port)) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
if (url.hostname === 'localhost') {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
const lastDot = url.hostname.lastIndexOf('.');
|
|
|
|
|
if (lastDot < 1) {
|
|
|
|
|
return false;
|
|
|
|
|
@ -38,6 +41,12 @@ function isValidURL(url) {
|
|
|
|
|
if (url.hostname.slice(lastDot) === '.local') {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
if (url.hostname.slice(lastDot + 1).match(/^[\d]+$/)) { // there should be no tld with numbers, possible ipv4
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
if (url.hostname.includes(':')) { // possibly an ipv6 addr; certainly an invalid hostname
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
btw, also refuse localhost?