feat(admin-ui): add webhook url regex validation #1704

Author: syntrydy

admin-ui/plugins/admin/components/Webhook/WebhookForm.js

@@ -50,7 +50,6 @@ const WebhookForm = () => {
   )
   const dispatch = useDispatch()
   const [modal, setModal] = useState(false)
-
   const validatePayload = (values) => {
     let faulty = false
     if (values.httpRequestBody) {
@@ -64,8 +63,7 @@ const WebhookForm = () => {
         )
       }
     }
-    const isCool = isValid(values.url)
-    if (isValid(values.url) === false) {
+    if (!isValid(values.url)) {
       faulty = true
       formik.setFieldError(
         'url',

admin-ui/plugins/admin/components/Webhook/WebhookURLChecker.js

@@ -1,9 +1,18 @@
 const NOT_ALLOWED = ["http://", "ftp://", "file://", "telnet://", "smb://", "ssh://", "ldap://", "https://192.168", "https://127.0", "https://172", "https://localhost"]
 export const isValid = (url) => {
-    if (url === undefined || url === null) {
+    if (url === undefined || url === null || !isAllowed(url)) {
         return false;
     } else {
-        return isAllowed(url)
+        const pattern = new RegExp(
+            '^(https?:\\/\\/)?' + // protocol
+            '((([a-z\\d]([a-z\\d-]*[a-z\\d])*)\\.)+[a-z]{2,}|' + // domain name
+            '((\\d{1,3}\\.){3}\\d{1,3}))' + // OR ip (v4) address
+            '(\\:\\d+)?(\\/[-a-z\\d%_.~+]*)*' + // port and path
+            '(\\?[;&a-z\\d%_.~+=-]*)?' + // query string
+            '(\\#[-a-z\\d_]*)?$', // fragment locator
+            'i'
+        );
+        return pattern.test(url)
     }
 }
 
@@ -16,4 +25,5 @@ const isAllowed = (url) => {
         }
     }
     return result;
-}
+}
+