fix: use native URL parser instead of wrong regex (#1206)

Updates the current regex based approach for validating redirect urls to instead use the native URL constructor which is available in browsers and Node.js and handles several valid cases that were previously not working.
2025-11-13 08:13:56 +10:00 · 2024-07-31 07:26:05 +02:00
parent 0c744a1123
commit a9025b5d97
7 changed files with 38 additions and 19 deletions
--- a/packages/lib/constants/url-regex.ts
+++ b/packages/lib/constants/url-regex.ts
@ -1,2 +0,0 @@
 export const URL_REGEX =
  /^(https?):\/\/(?:www\.)?(?:[a-zA-Z0-9-]+\.)*[a-zA-Z0-9-]+\.[a-zA-Z0-9()]{2,}(?:\/[a-zA-Z0-9-._?&=/]*)?$/i;
--- a/packages/lib/schemas/common.ts
+++ b/packages/lib/schemas/common.ts
@ -1,12 +1,12 @@
 import { z } from 'zod';
-import { URL_REGEX } from '../constants/url-regex';
+import { isValidRedirectUrl } from '../utils/is-valid-redirect-url';
 /**
 * Note this allows empty strings.
 */
 export const ZUrlSchema = z
  .string()
-  .refine((value) => value === undefined || value === '' || URL_REGEX.test(value), {
+  .refine((value) => value === undefined || value === '' || isValidRedirectUrl(value), {
-    message: 'Please enter a valid URL',
+    message: 'Please enter a valid URL, make sure you include http:// or https:// part of the url.',
  });
--- a/packages/lib/utils/is-valid-redirect-url.ts
+++ b/packages/lib/utils/is-valid-redirect-url.ts
@ -0,0 +1,16 @@
 const ALLOWED_PROTOCOLS = ['http', 'https'];
 export const isValidRedirectUrl = (value: string) => {
  try {
    const url = new URL(value);
    console.log({ protocol: url.protocol });
    if (!ALLOWED_PROTOCOLS.includes(url.protocol.slice(0, -1).toLowerCase())) {
      return false;
    }
    return true;
  } catch {
    return false;
  }
 };
--- a/packages/trpc/server/document-router/schema.ts
+++ b/packages/trpc/server/document-router/schema.ts
@ -1,11 +1,11 @@
 import { z } from 'zod';
 import { URL_REGEX } from '@documenso/lib/constants/url-regex';
 import {
  ZDocumentAccessAuthTypesSchema,
  ZDocumentActionAuthTypesSchema,
 } from '@documenso/lib/types/document-auth';
 import { ZBaseTableSearchParamsSchema } from '@documenso/lib/types/search-params';
 import { isValidRedirectUrl } from '@documenso/lib/utils/is-valid-redirect-url';
 import { FieldType, RecipientRole } from '@documenso/prisma/client';
 export const ZFindDocumentAuditLogsQuerySchema = ZBaseTableSearchParamsSchema.extend({
@ -65,8 +65,9 @@ export const ZSetSettingsForDocumentMutationSchema = z.object({
    redirectUrl: z
      .string()
      .optional()
-      .refine((value) => value === undefined || value === '' || URL_REGEX.test(value), {
+      .refine((value) => value === undefined || value === '' || isValidRedirectUrl(value), {
-        message: 'Please enter a valid URL',
+        message:
          'Please enter a valid URL, make sure you include http:// or https:// part of the url.',
      }),
  }),
 });
@ -131,8 +132,9 @@ export const ZSendDocumentMutationSchema = z.object({
    redirectUrl: z
      .string()
      .optional()
-      .refine((value) => value === undefined || value === '' || URL_REGEX.test(value), {
+      .refine((value) => value === undefined || value === '' || isValidRedirectUrl(value), {
-        message: 'Please enter a valid URL',
+        message:
          'Please enter a valid URL, make sure you include http:// or https:// part of the url.',
      }),
  }),
 });
--- a/packages/trpc/server/template-router/schema.ts
+++ b/packages/trpc/server/template-router/schema.ts
@ -1,11 +1,11 @@
 import { z } from 'zod';
 import { URL_REGEX } from '@documenso/lib/constants/url-regex';
 import {
  ZDocumentAccessAuthTypesSchema,
  ZDocumentActionAuthTypesSchema,
 } from '@documenso/lib/types/document-auth';
 import { ZBaseTableSearchParamsSchema } from '@documenso/lib/types/search-params';
 import { isValidRedirectUrl } from '@documenso/lib/utils/is-valid-redirect-url';
 import { TemplateType } from '@documenso/prisma/client';
 import { ZSignFieldWithTokenMutationSchema } from '../field-router/schema';
@ -96,8 +96,9 @@ export const ZUpdateTemplateSettingsMutationSchema = z.object({
      redirectUrl: z
        .string()
        .optional()
-        .refine((value) => value === undefined || value === '' || URL_REGEX.test(value), {
+        .refine((value) => value === undefined || value === '' || isValidRedirectUrl(value), {
-          message: 'Please enter a valid URL',
+          message:
            'Please enter a valid URL, make sure you include http:// or https:// part of the url.',
        }),
    })
    .optional(),
--- a/packages/ui/primitives/document-flow/add-settings.types.ts
+++ b/packages/ui/primitives/document-flow/add-settings.types.ts
@ -2,11 +2,11 @@ import { z } from 'zod';
 import { DEFAULT_DOCUMENT_DATE_FORMAT } from '@documenso/lib/constants/date-formats';
 import { DEFAULT_DOCUMENT_TIME_ZONE } from '@documenso/lib/constants/time-zones';
 import { URL_REGEX } from '@documenso/lib/constants/url-regex';
 import {
  ZDocumentAccessAuthTypesSchema,
  ZDocumentActionAuthTypesSchema,
 } from '@documenso/lib/types/document-auth';
 import { isValidRedirectUrl } from '@documenso/lib/utils/is-valid-redirect-url';
 export const ZMapNegativeOneToUndefinedSchema = z
  .string()
@ -34,8 +34,9 @@ export const ZAddSettingsFormSchema = z.object({
    redirectUrl: z
      .string()
      .optional()
-      .refine((value) => value === undefined || value === '' || URL_REGEX.test(value), {
+      .refine((value) => value === undefined || value === '' || isValidRedirectUrl(value), {
-        message: 'Please enter a valid URL',
+        message:
          'Please enter a valid URL, make sure you include http:// or https:// part of the url.',
      }),
  }),
 });
--- a/packages/ui/primitives/template-flow/add-template-settings.types.tsx
+++ b/packages/ui/primitives/template-flow/add-template-settings.types.tsx
@ -2,11 +2,11 @@ import { z } from 'zod';
 import { DEFAULT_DOCUMENT_DATE_FORMAT } from '@documenso/lib/constants/date-formats';
 import { DEFAULT_DOCUMENT_TIME_ZONE } from '@documenso/lib/constants/time-zones';
 import { URL_REGEX } from '@documenso/lib/constants/url-regex';
 import {
  ZDocumentAccessAuthTypesSchema,
  ZDocumentActionAuthTypesSchema,
 } from '@documenso/lib/types/document-auth';
 import { isValidRedirectUrl } from '@documenso/lib/utils/is-valid-redirect-url';
 import { ZMapNegativeOneToUndefinedSchema } from '../document-flow/add-settings.types';
@ -27,8 +27,9 @@ export const ZAddTemplateSettingsFormSchema = z.object({
    redirectUrl: z
      .string()
      .optional()
-      .refine((value) => value === undefined || value === '' || URL_REGEX.test(value), {
+      .refine((value) => value === undefined || value === '' || isValidRedirectUrl(value), {
-        message: 'Please enter a valid URL',
+        message:
          'Please enter a valid URL, make sure you include http:// or https:// part of the url.',
      }),
  }),
 });
		`@ -1,2 +0,0 @@`
			`export const URL_REGEX =`
			`/^(https?):\/\/(?:www\.)?(?:[a-zA-Z0-9-]+\.)[a-zA-Z0-9-]+\.[a-zA-Z0-9()]{2,}(?:\/[a-zA-Z0-9-._?&=/])?$/i;`