From 9691497e20ef68c2a222554213695ed33e792e56 Mon Sep 17 00:00:00 2001
From: titanism <101466223+titanism@users.noreply.github.com>
Date: Mon, 5 Feb 2024 23:57:18 -0600
Subject: [PATCH 1/2] fix: fixed wkd.lookup in case of HTML being returned in fetch response
---
 src/wkd.js | 19 ++++++++++++++++++-
 test/wkd.js | 10 ++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/src/wkd.js b/src/wkd.js
index 6240a22..f428689 100644
--- a/src/wkd.js
+++ b/src/wkd.js
@@ -15,6 +15,10 @@
 // License along with this library; if not, write to the Free Software
 // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+// inspired by `is-html`
+//
+const basic = /\s?|(]*>|]*>|]+>)+/i;
+
 /**
 * This class implements a client for the Web Key Directory (WKD) protocol
 * in order to lookup keys on designated servers.
@@ -69,7 +73,20 @@ class WKD {
 }
 }
- return new Uint8Array(await response.arrayBuffer());
+ const uint8Array = new Uint8Array(await response.arrayBuffer())
+
+ if (response.headers.get('content-type') === 'text/html') {
+ throw new Error('Invalid WKD lookup result (text/html Content-Type header)');
+ }
+
+ // inspired by `is-html`
+ //
+ const str = new TextDecoder().decode(uint8Array);
+ if (str && basic.test(str.trim().slice(0, 1000))) {
+ throw new Error('Invalid WKD lookup result (HTML content detected)');
+ }
+
+ return uint8Array;
 }
 }
diff --git a/test/wkd.js b/test/wkd.js
index 11dc729..c9fcd7d 100644
--- a/test/wkd.js
+++ b/test/wkd.js
@@ -29,6 +29,16 @@ describe('WKD unit tests', function() {
 expect(error.message).to.equal('Direct WKD lookup failed: Not Found')
 });
 });
+
+ it('by email address should not work on invalid website', function() {
+ return wkd.lookup({
+ email: 'beep@boop.com'
+ }).then(function() {
+ throw new Error('Lookup should throw an error');
+ }).catch(function(error) {
+ expect(error.message).to.equal('Invalid WKD lookup result (text/html Content-Type header)');
+ });
+ });
 });
 });
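Review bot: In src/wkd.js the new module-level constant `basic` has a name that does not say what it detects, and the comment above it only cites the inspiration; a name such as `HTML_SNIFF_REGEX` with a comment like `// Heuristic: true when a response body looks like an HTML page rather than key material` would make its role in lookup clear. The pattern as rendered on this page looks truncated, and in that form its first alternative `\s?` can match the empty string, which would make `basic.test()` true for any input; confirm that the committed pattern has no alternative that matches the empty string.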
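Review bot: The Content-Type guard added to lookup in src/wkd.js compares the header to the bare string 'text/html', so a server answering `text/html; charset=utf-8` (or with different casing) passes it and is left to the body heuristic alone. Compare the media type only, e.g. `const type = (response.headers.get('content-type') || '').split(';')[0].trim().toLowerCase();` then `if (type === 'text/html') {`, and run it before `await response.arrayBuffer()` so an HTML page is rejected without buffering it. The sniff that follows decodes the entire body to inspect 1000 characters; decoding a bounded prefix, e.g. `new TextDecoder().decode(uint8Array.subarray(0, 1024))`, caps that work. Both checks are heuristics over an untrusted response, so the returned bytes still have to parse as an OpenPGP key before anything relies on them; lookup's body starts outside the hunk.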
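Review bot: The new case in test/wkd.js depends on a live request for `beep@boop.com` being answered by a third-party site with exactly `text/html` as its Content-Type, so the result tracks that site and the network rather than the code under test. Prefer a stubbed fetch response (if the test setup allows replacing fetch) with one case for a `text/html` header and one for an HTML body served under another type, so both new error paths are covered deterministically. PATCH 2/2 in this series removes the header check from src/wkd.js without touching this file, so the asserted message would presumably have to become `'Invalid WKD lookup result (HTML content detected)'` for the test to keep passing.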
From 5f803b91aa301e603ea1b2403558a617ead84586 Mon Sep 17 00:00:00 2001
From: titanism <101466223+titanism@users.noreply.github.com>
Date: Tue, 13 Aug 2024 10:48:53 -0500
Subject: [PATCH 2/2] Update wkd.js
---
 src/wkd.js | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/src/wkd.js b/src/wkd.js
index f428689..f942f70 100644
--- a/src/wkd.js
+++ b/src/wkd.js
@@ -75,10 +75,6 @@ class WKD {
 const uint8Array = new Uint8Array(await response.arrayBuffer())
- if (response.headers.get('content-type') === 'text/html') {
- throw new Error('Invalid WKD lookup result (text/html Content-Type header)');
- }
-
 // inspired by `is-html`
 //
 const str = new TextDecoder().decode(uint8Array);