common/hermes
2
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix(url-safety): allow only http and https schemes

Browse Source
This commit is contained in:
aydnOktay
2026-03-24 13:45:33 +03:00
committed by Teknium
parent 8373956850
commit 6af9942327
2 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
tools/url_safety.py
View File

@@ -263,6 +263,9 @@ def is_safe_url(url: str) -> bool:
parsed = urlparse(url)
hostname = (parsed.hostname or "").strip().lower().rstrip(".")
scheme = (parsed.scheme or "").strip().lower()
if scheme not in {"http", "https"}:
logger.warning("Blocked request — unsupported URL scheme: %s", scheme or "<empty>")
return False
if not hostname:
return False