Make sure string is valid URL before rendering it as such in invoice details POS data section (#4197)

2026-01-29 02:44:21 +01:00 · 2022-10-06 01:43:18 -07:00
parent d9f8c8d3b1
commit 880635d615
1 changed files with 12 additions and 3 deletions
--- a/BTCPayServer/Views/UIInvoice/PosData.cshtml
+++ b/BTCPayServer/Views/UIInvoice/PosData.cshtml
@@ -1,6 +1,15 @@
@model (Dictionary<string, object> Items, int Level)

-<table class="table table-hover my-0">
+@functions{
+    public bool IsValidURL(string source)
+    {
+        Uri uriResult;
+        return Uri.TryCreate(source, UriKind.Absolute, out uriResult) && 
+            (uriResult.Scheme == Uri.UriSchemeHttp || uriResult.Scheme == Uri.UriSchemeHttps);
+    }
+}
+
+<table class="table my-0">
    @foreach (var (key, value) in Model.Items)
    {
        <tr>
@@ -11,7 +20,7 @@
                    <th class="w-150px">@Safe.Raw(key)</th>
                }
                <td>
-                    @if (Uri.IsWellFormedUriString(str, UriKind.RelativeOrAbsolute))
+                    @if (IsValidURL(str))
                    {
                        <a href="@Safe.Raw(str)" target="_blank" rel="noreferrer noopener">@Safe.Raw(str)</a>
                    }
@@ -28,7 +37,7 @@
                {
                    <th class="w-150px">@Safe.Raw(key)</th>
                    <td>
-                        @if (Uri.IsWellFormedUriString(str2, UriKind.RelativeOrAbsolute))
+                        @if (IsValidURL(str2))
                        {
                            <a href="@Safe.Raw(str2)" target="_blank" rel="noreferrer noopener">@Safe.Raw(str2)</a>
                        }