fix: use validator.isURL to avoid regex catastrophic backtracking

Signed-off-by: Max Wu <jackymaxj@gmail.com>

Author: jackycute

public/js/extra.js

@@ -9,6 +9,8 @@ import { saveAs } from 'file-saver'
 import escapeHTML from 'lodash/escape'
 import unescapeHTML from 'lodash/unescape'
 
+import isURL from 'validator/lib/isURL'
+
 import { stripTags } from '../../utils/string'
 
 import getUIElements from './lib/editor/ui-elements'
@@ -178,20 +180,6 @@ function slugifyWithUTF8 (text) {
   return newText
 }
 
-export function isValidURL (str) {
-  const pattern = new RegExp('^(https?:\\/\\/)?' + // protocol
-        '((([a-z\\d]([a-z\\d-]*[a-z\\d])*)\\.)+[a-z]{2,}|' + // domain name
-        '((\\d{1,3}\\.){3}\\d{1,3}))' + // OR ip (v4) address
-        '(\\:\\d+)?(\\/[-a-z\\d%_.~+]*)*' + // port and path
-        '(\\?[;&a-z\\d%_.~+=-]*)?' + // query string
-        '(\\#[-a-z\\d_]*)?$', 'i') // fragment locator
-  if (!pattern.test(str)) {
-    return false
-  } else {
-    return true
-  }
-}
-
 // parse meta
 export function parseMeta (md, edit, view, toc, tocAffix) {
   let lang = null
@@ -1300,7 +1288,7 @@ const pdfPlugin = new Plugin(
 
   (match, utils) => {
     const pdfurl = match[1]
-    if (!isValidURL(pdfurl)) return match[0]
+    if (!isURL(pdfurl)) return match[0]
     const div = $('<div class="pdf raw"></div>')
     div.attr('data-pdfurl', pdfurl)
     return div[0].outerHTML

public/js/index.js

@@ -9,6 +9,8 @@ import randomColor from 'randomcolor'
 import store from 'store'
 import hljs from 'highlight.js'
 
+import isURL from 'validator/lib/isURL'
+
 import _ from 'lodash'
 
 import wurl from 'wurl'
@@ -41,7 +43,6 @@ import {
   removeDOMEvents,
   finishView,
   generateToc,
-  isValidURL,
   md,
   parseMeta,
   postProcess,
@@ -1400,7 +1401,7 @@ $('#gistImportModalConfirm').click(function () {
   if (!gisturl) return
   $('#gistImportModal').modal('hide')
   $('#gistImportModalContent').val('')
-  if (!isValidURL(gisturl)) {
+  if (!isURL(gisturl)) {
     showMessageModal('<i class="fa fa-github"></i> Import from Gist', 'Not a valid URL :(', '', '', false)
   } else {
     var hostname = wurl('hostname', gisturl)
@@ -1534,7 +1535,7 @@ function replaceAll (data) {
 function importFromUrl (url) {
   // console.log(url);
   if (!url) return
-  if (!isValidURL(url)) {
+  if (!isURL(url)) {
     showMessageModal('<i class="fa fa-cloud-download"></i> Import from URL', 'Not a valid URL :(', '', '', false)
     return
   }