Validate theme font and background URLs at the schema layer

`ThemeFontSchema.url` and `ThemeBackgroundSchema.url` previously accepted
any string, relying entirely on downstream `sanitizeUrl()` calls for
protocol enforcement. Tightening the schema to `z.url()` rejects
obviously malformed inputs up front and matches the approach already used
for the relay list (`BlossomServersEventSchema`). `sanitizeUrl()` remains
the authoritative guard for `https:` enforcement at render time.
This commit is contained in:
Alex Gleason
2026-04-16 13:28:48 -05:00
parent f3393b2cc8
commit cbfbca063e
+5 -2
View File
@@ -64,12 +64,15 @@ export const ThemeColorsCompatSchema = z.union([
/** Zod schema for ThemeFont */
export const ThemeFontSchema = z.object({
family: z.string(),
url: z.string().optional(),
// Reject non-URL strings at the schema layer. Downstream consumers still
// run the value through \`sanitizeUrl()\` to enforce \`https:\` and strip
// \`javascript:\`/\`data:\` URIs before use — this is defense-in-depth.
url: z.url().optional(),
});
/** Zod schema for ThemeBackground */
export const ThemeBackgroundSchema = z.object({
url: z.string(),
url: z.url(),
mode: z.enum(['cover', 'tile']).optional(),
dimensions: z.string().optional(),
mimeType: z.string().optional(),