From ad898cd45d5d501770292492058dfc9c5fe814b0 Mon Sep 17 00:00:00 2001 From: jspenguin2017 Date: Sun, 6 May 2018 08:49:20 -0600 Subject: [PATCH] add url validation --- src/manifest.json | 2 +- src/reporter/index.js | 29 +++++++++++++++++++++-------- 2 files changed, 22 insertions(+), 9 deletions(-) diff --git a/src/manifest.json b/src/manifest.json index d18ed1be4e..1e8592017f 100644 --- a/src/manifest.json +++ b/src/manifest.json @@ -56,5 +56,5 @@ "webRequest", "webRequestBlocking" ], - "version": "14.8" + "version": "14.9" } diff --git a/src/reporter/index.js b/src/reporter/index.js index 5c483f591a..6c46a6b642 100644 --- a/src/reporter/index.js +++ b/src/reporter/index.js @@ -48,6 +48,16 @@ const appName = (() => { return manifest.name + " " + manifest.version; })(); +/** + * Show a specific error message. + * @function + * @param {string} msg - The message to show + */ +const showError = (msg) => { + $("#msg-specific-error p").text(msg); + $("#msg-specific-error").addClass("open"); +}; + $("#details").on("input", updateDetailsLimit); updateDetailsLimit(); 
@@ -58,19 +68,22 @@ $("#send").on("click", async () => { const details = $("#details").prop("value"); if (!category) { - $("#msg-specific-error p").text("You must choose a category."); - $("#msg-specific-error").addClass("open"); + showError("You must choose a category."); return; } - if (!url) { - $("#msg-specific-error p").text("You must fill the URL field."); - $("#msg-specific-error").addClass("open"); + if ( + !url || !/^https?:/.test(url) || + // Whitelist extension stores + url.startsWith("https://chrome.google.com/") || + url.startsWith("https://www.microsoft.com/") || + url.startsWith("https://addons.mozilla.org/") + ) { + showError("You must enter a valid URL."); return; } if (details.length > detailsLimit) { - $("#msg-specific-error p").text("Additional details can be at most " - + detailsLimit.toString() + " characters long."); - $("#msg-specific-error").addClass("open"); + showError("Additional details can be at most " + + detailsLimit.toString() + " characters long."); return; }
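Review bot: The new URL condition only tests the scheme prefix with `/^https?:/` and matches the store addresses with case-sensitive `startsWith`, so a value with no host such as `http:` is accepted, and constructed variants like `http://addons.mozilla.org/`, `https://ADDONS.MOZILLA.ORG/` or `https://chrome.google.com` without the trailing slash are not caught by the store check. Parsing the value with `new URL(url)` and comparing `protocol` and `hostname` closes those gaps, as sketched below. The comment `// Whitelist extension stores` reads backwards because this branch rejects those URLs; `// Reject extension store pages` would match the code. The `https://www.microsoft.com/` prefix also rejects every page on that host rather than only store pages, and since this is form-side validation the receiving endpoint presumably needs the same check. The click handler starts before this hunk and continues after it.

```javascript
// … unchanged: category check …
    // Reject unparsable values, non-http(s) schemes and extension store pages
    const storeHosts = [
        "chrome.google.com",
        "www.microsoft.com",
        "addons.mozilla.org",
    ];
    let parsedUrl = null;
    try {
        parsedUrl = new URL(url);
    } catch (err) {
        // Not an absolute URL; rejected by the null check below
    }
    if (
        parsedUrl === null ||
        !/^https?:$/.test(parsedUrl.protocol) ||
        storeHosts.includes(parsedUrl.hostname)
    ) {
        showError("You must enter a valid URL.");
        return;
    }
// … unchanged: details length check …
```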