From 13ea190298a22fdb29e70accdc63df231dcdb73f Mon Sep 17 00:00:00 2001 From: Daan Meijer Date: Tue, 5 Nov 2024 20:50:47 +0100 Subject: [PATCH] only allow for valid urls in slack button (#5312) --- server/notification-providers/slack.js | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/server/notification-providers/slack.js b/server/notification-providers/slack.js index 209c7c0c..5e25a1fb 100644 --- a/server/notification-providers/slack.js +++ b/server/notification-providers/slack.js @@ -1,7 +1,7 @@ const NotificationProvider = require("./notification-provider"); const axios = require("axios"); const { setSettings, setting } = require("../util-server"); -const { getMonitorRelativeURL, UP } = require("../../src/util"); +const { getMonitorRelativeURL, UP, log } = require("../../src/util"); class Slack extends NotificationProvider { name = "slack"; @@ -50,15 +50,20 @@ class Slack extends NotificationProvider { const address = this.extractAddress(monitorJSON); if (address) { - actions.push({ - "type": "button", - "text": { - "type": "plain_text", - "text": "Visit site", - }, - "value": "Site", - "url": address, - }); + try { + actions.push({ + "type": "button", + "text": { + "type": "plain_text", + "text": "Visit site", + }, + "value": "Site", + "url": new URL(address), + }); + + } catch (e) { + log.debug("slack", `Failed to parse address ${address} as URL`); + } } return actions;