Implementing #10 #13
Implementing #10 #13
Conversation
Could we integrate this validator into the website? Note: Markdown files may contain HTML. |
|
I would like to keep it here as well for now, because it allows to develop the service on its own. I will create another PR for the website. |
|
Sure. I'll take a look later (or maybe @rnestler has time to review). |
| @media (min-width: 700px) { | ||
| section { width: 60%; padding: 42px 20%; min-height: 42vh; } | ||
| img { max-width: 700px; } | ||
| } |
There was a problem hiding this comment.
I'd suggest to use consistent indentation style in the future, but it's not really important, so feel free to ignore my nagging :)
There was a problem hiding this comment.
I had the setting to 2 spaces, I agree the html, body ... part should be improoved.
| <input id="input_url" type="url" value="https://status.crdmp.ch/"> | ||
| <input id="submit_validate_url" type="submit" value="Validate URL"> | ||
| <input id="input_url" type="url" value="https://status.crdmp.ch/" /> | ||
| <input id="submit_validate_url" type="submit" value="Validate URL" /> |
| <pre id="OK">OK</pre> | ||
| <pre id="ERROR">ERROR</pre> | ||
| <pre id="processing">Processing request, please hold ...</pre> | ||
| <pre id="fetching">Fetching data, please hold ...</pre> |
There was a problem hiding this comment.
Why capitalization for OK and ERROR but not for the other two values? #nag
There was a problem hiding this comment.
The capitalized values are sent by the server, the other events originate locally.
| if (req.bodyUsed) { | ||
| appendLog('fetch parse fail: ' + message); | ||
| } else { | ||
| message = 'is <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS" target="_blank">CORS</a> enabled? Check the iFrame for content\n' + message; |
There was a problem hiding this comment.
Hm, I wonder if we really need code to handle misconfigured servers...
There was a problem hiding this comment.
If we do not, the UI will run into a timeout.
| function validate_url(ev) { | ||
| banner.className = 'fetching'; | ||
| ev.preventDefault(); | ||
| offlineCheck(); | ||
|
|
||
| var url = getValue(url_input); | ||
| if (url.indexOf('http://') === -1 && url.indexOf('https://') === -1) { | ||
| appendLog('\nInvalid URL: '+url); | ||
| appendLog('Invalid URL: '+url); | ||
| setBanner('ERROR', 'Invalid URL: '+url); |
There was a problem hiding this comment.
I don't think we should validate URLs by testing for the presence of "https?". Why not send a request and then see if that fails because of an invalid URL? Or is there no API for that?
There was a problem hiding this comment.
As far as I know, there is currently no other transport method allowed. (See spacedirectory/meta#5)
There used to be gopher:// and ftp://.
file:// is not allowed for security reasons.
| fetch(req) | ||
| .then(function(response) { | ||
| return response.text(); | ||
| }) | ||
| .then(function(response) { | ||
| appendLog('fetched: ' + response); | ||
| document.querySelector(textarea_selector).innerHTML = response; | ||
| // store response into the textarea, FIXME this is currently exploitable, paste a HTML page |
There was a problem hiding this comment.
This will require some time to fix.
It is currently only exploitable when the user pasts an untrusted URI. See #17
|
I guess this is obsolete now that the validator is integrated into the website (SpaceApi/website#4). |
Implements #10
Can we deploy this?