From 7effd946b9aade0435b92db0221ad9dbc9a977ad Mon Sep 17 00:00:00 2001
From: Cubester <cubester.spamlegends@gmail.com>
Date: Fri, 17 Jan 2025 18:38:47 -0500
Subject: [PATCH] URL Validation (Protection against inserting an invalid URL)

---
 extensions/CubesterYT/Webhooks.js | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/extensions/CubesterYT/Webhooks.js b/extensions/CubesterYT/Webhooks.js
index 90730504ab..c133a2bb53 100644
--- a/extensions/CubesterYT/Webhooks.js
+++ b/extensions/CubesterYT/Webhooks.js
@@ -25,6 +25,15 @@
   setupStorage();
   Scratch.vm.runtime.on("PROJECT_LOADED", setupStorage);
 
+  function isURLValid(string) {
+    try {
+      const url = new URL(string);
+      return url.protocol === "http:" || url.protocol === "https:";
+    } catch (error) {
+      return false;
+    }
+  }
+
   function toForm(data) {
     const parts = [];
     const process = (name, value) => {
@@ -147,7 +156,20 @@
           );
         }
       } while (Object.keys(webhooks).includes(name));
-      let URL = prompt(Scratch.translate("Enter Webhook URL:"));
+      let URL;
+      do {
+        URL = prompt(Scratch.translate("Enter Webhook URL:"));
+        if (URL === null) {
+          return;
+        }
+        if (!isURLValid(URL)) {
+          alert(
+            Scratch.translate(
+              "Invalid URL! Please make sure you provide a valid URL."
+            )
+          );
+        }
+      } while (!isURLValid(URL));
       webhooks[name] = { URL, DATA: {}, TYPE: "application/json" };
       hideFromPalette = false;
       Scratch.vm.extensionManager.refreshBlocks();