From 53d385f53e3b7afc358654dc7326254f0718d7ff Mon Sep 17 00:00:00 2001
From: Calvin Montgomery <calzoneman@gmail.com>
Date: Tue, 13 Dec 2016 22:22:25 -0800
Subject: [PATCH] Copy CSS URL validation for JS

---
 src/channel/opts.js | 55 ++++++++++++++++++++++++++++-----------------
 1 file changed, 34 insertions(+), 21 deletions(-)

diff --git a/src/channel/opts.js b/src/channel/opts.js
index c1b7545f..c4d33612 100644
--- a/src/channel/opts.js
+++ b/src/channel/opts.js
@@ -176,8 +176,11 @@ OptionsModule.prototype.handleSetOptions = function (user, data) {
 
         var link = data.externalcss.substring(0, 255).trim();
         if (!link) {
+            sendUpdate = (this.opts.externalcss !== "");
             this.opts.externalcss = "";
-            sendUpdate = true;
+            user.socket.emit("validationPassed", {
+                target: "#cs-externalcss"
+            });
         } else {
             var data = url.parse(link);
             if (!data.protocol || data.protocol !== 'https:') {
@@ -201,31 +204,41 @@ OptionsModule.prototype.handleSetOptions = function (user, data) {
     }
 
     if ("externaljs" in data && user.account.effectiveRank >= 3) {
-        var link = (""+data.externaljs).substring(0, 255);
+        var prefix = "Invalid URL for external JS: ";
+        if (typeof data.externaljs !== "string") {
+            user.socket.emit("validationError", {
+                target: "#cs-externaljs",
+                message: prefix + "URL must be a string, not "
+                        + realTypeOf(data.externaljs)
+            });
+        }
+
+        var link = data.externaljs.substring(0, 255).trim();
         if (!link) {
+            sendUpdate = (this.opts.externaljs !== "");
             this.opts.externaljs = "";
-            sendUpdate = true;
+            user.socket.emit("validationPassed", {
+                target: "#cs-externaljs"
+            });
         } else {
-
-            try {
-                var data = url.parse(link);
-                if (!data.protocol || !data.protocol.match(/^(https?|ftp):/)) {
-                    throw "Unacceptable protocol " + data.protocol;
-                } else if (!data.host) {
-                    throw "URL is missing host";
-                } else {
-                    link = data.href;
-                }
-            } catch (e) {
-                user.socket.emit("errorMsg", {
-                    msg: "Invalid URL for external JS: " + e,
-                    alert: true
+            var data = url.parse(link);
+            if (!data.protocol || data.protocol !== 'https:') {
+                user.socket.emit("validationError", {
+                    target: "#cs-externaljs",
+                    message: prefix + " URL must begin with 'https://'"
                 });
-                return;
+            } else if (!data.host) {
+                user.socket.emit("validationError", {
+                    target: "#cs-externaljs",
+                    message: prefix + "missing hostname"
+                });
+            } else {
+                user.socket.emit("validationPassed", {
+                    target: "#cs-externaljs"
+                });
+                this.opts.externaljs = data.href;
+                sendUpdate = true;
             }
-
-            this.opts.externaljs = link;
-            sendUpdate = true;
         }
     }