Current implementation:
export const isRelativeURL = (str: string): boolean => /^[^\/]+/[^\/].$|^/[^\/].$/gim.test(str);
This causes incorrect results:
- "test" returns false (should be treated as relative path)
- "." returns false (should be treated as relative path)
- "data:image/gif;base64,..." returns true (should not be treated as relative URL)
There are already TODOs in unit tests indicating this mismatch:
/C:/Users/evilt/Documents/GitHub/Rocket.Chat/apps/meteor/tests/unit/lib/utils/isRelativeURL.spec.ts:8
- /C:/Users/evilt/Documents/GitHub/Rocket.Chat/apps/meteor/tests/unit/lib/utils/isRelativeURL.spec.ts:10
- /C:/Users/evilt/Documents/GitHub/Rocket.Chat/apps/meteor/tests/unit/lib/utils/isRelativeURL.spec.ts:13
This validator is used in message URL validation (validPartialURLParam), so wrong classification can affect which
values are accepted/rejected in message payload fields:
- /C:/Users/evilt/Documents/GitHub/Rocket.Chat/apps/meteor/app/lib/server/functions/sendMessage.ts:47
Expected behavior:
- Relative paths like test, ., ./test, ../test, /test should be handled consistently as relative.
- Scheme-based URLs like https://..., data:..., javascript:... should not be considered relative.
Current implementation:
export const isRelativeURL = (str: string): boolean => /^[^\/]+/[^\/].$|^/[^\/].$/gim.test(str);
This causes incorrect results:
There are already TODOs in unit tests indicating this mismatch:
/C:/Users/evilt/Documents/GitHub/Rocket.Chat/apps/meteor/tests/unit/lib/utils/isRelativeURL.spec.ts:8
This validator is used in message URL validation (validPartialURLParam), so wrong classification can affect which
values are accepted/rejected in message payload fields:
Expected behavior: