From ee135b7e3ce3360dd551b6def7d678aab2b215a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E3=81=82=E3=82=8F=E3=82=8F=E3=82=8F=E3=81=A8=E3=83=BC?= =?UTF-8?q?=E3=81=AB=E3=82=85?= <17376330+u1-liquid@users.noreply.github.com> Date: Fri, 8 Nov 2024 15:54:42 +0900 Subject: [PATCH] Fix code scanning alert no. 27: DOM text reinterpreted as HTML (MisskeyIO#801) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- packages/frontend/src/scripts/sound.ts | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/packages/frontend/src/scripts/sound.ts b/packages/frontend/src/scripts/sound.ts index 783baddc939a..44833fee1208 100644 --- a/packages/frontend/src/scripts/sound.ts +++ b/packages/frontend/src/scripts/sound.ts @@ -11,6 +11,15 @@ import { RateLimiter } from '@/scripts/rate-limiter.js'; let ctx: AudioContext; const cache = new Map(); +function isValidUrl(url: string): boolean { + try { + new URL(url); + return true; + } catch (_) { + return false; + } +} + export const soundsTypes = [ // 音声なし null, @@ -260,8 +269,12 @@ export function createSourceNode(buffer: AudioBuffer, opts: { */ export async function getSoundDuration(file: string): Promise { const audioEl = document.createElement('audio'); - audioEl.src = file; - return new Promise((resolve) => { + audioEl.src = isValidUrl(file) ? file : ''; + return new Promise((resolve, reject) => { + if (!audioEl.src) { + reject(new Error('Invalid URL')); + return; + } const si = setInterval(() => { if (audioEl.readyState > 0) { resolve(audioEl.duration * 1000);