@@ -8,9 +8,19 @@ import { UserDBScheme } from '@hawk.so/types';
88export function validateUtmParams ( utm : UserDBScheme [ 'utm' ] ) : boolean {
99 if ( ! utm ) return true ;
1010
11+ // Check if utm is an object
12+ if ( typeof utm !== 'object' || Array . isArray ( utm ) ) {
13+ return false ;
14+ }
15+
1116 const utmKeys = [ 'source' , 'medium' , 'campaign' , 'content' , 'term' ] ;
1217 const providedKeys = Object . keys ( utm ) ;
1318
19+ // Check if utm object is not empty
20+ if ( providedKeys . length === 0 ) {
21+ return true ; // Empty object is valid
22+ }
23+
1424 // Check if all provided keys are valid UTM keys
1525 const hasInvalidKeys = providedKeys . some ( ( key ) => ! utmKeys . includes ( key ) ) ;
1626 if ( hasInvalidKeys ) {
@@ -20,10 +30,16 @@ export function validateUtmParams(utm: UserDBScheme['utm']): boolean {
2030 // Check if values are strings and not too long
2131 for ( const [ key , value ] of Object . entries ( utm ) ) {
2232 if ( value !== undefined && value !== null ) {
23- if ( typeof value !== 'string' || value . length > 200 ) {
33+ if ( typeof value !== 'string' ) {
2434 return false ;
2535 }
26- // Basic sanitization - only allow alphanumeric, spaces, hyphens, underscores, dots
36+
37+ // Check length
38+ if ( value . length === 0 || value . length > 200 ) {
39+ return false ;
40+ }
41+
42+ // Check for valid characters - only allow alphanumeric, spaces, hyphens, underscores, dots
2743 if ( ! / ^ [ a - z A - Z 0 - 9 \s \- _ \. ] + $ / . test ( value ) ) {
2844 return false ;
2945 }
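Review bot: The character whitelist on new line 43 still lets control and line-break characters through, because `\s` matches `\n`, `\r`, `\t`, `\v`, `\f` and Unicode spaces such as U+00A0 and U+2028, not only the spaces that the comment on new line 42 promises; a value like `"summer\n"` passes, since JavaScript `$` without the `m` flag anchors at the end of the string and the whole value is in the class. If these values are later written to logs, response headers or analytics URLs, that is a CRLF/log-injection foothold that the new length check on line 38 does not close. Replace `\s` with a literal space and hoist the pattern out of the loop so it is compiled once: `const UTM_VALUE_PATTERN = /^[a-zA-Z0-9 \-_.]+$/;` at module scope and `if (!UTM_VALUE_PATTERN.test(value)) {` in place of the inline regex. The `for` loop and the body of `validateUtmParams` continue past the end of the hunk.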