fix is_safe_url

sungamma · Feb 9, 2025 · 5e2ad34 · 5e2ad34
1 parent e9a147d
commit 5e2ad34
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/app/utils/security.py b/app/utils/security.py
@@ -65,6 +65,7 @@ def is_safe_url(url: str, allowed_domains: Union[Set[str], List[str]], strict: b
             netloc = parsed_url.netloc.lower()
             if not netloc:
                 return False
+            netloc_no_port = netloc.split(":")[0]
 
             # 检查每个允许的域名
             allowed_domains = {d.lower() for d in allowed_domains}
@@ -78,7 +79,7 @@ def is_safe_url(url: str, allowed_domains: Union[Set[str], List[str]], strict: b
                         return True
                 else:
                     # 非严格模式下，允许子域名匹配
-                    if netloc == allowed_netloc or netloc.endswith('.' + allowed_netloc):
+                    if netloc_no_port == allowed_netloc or netloc_no_port.endswith('.' + allowed_netloc):
                         return True
 
             return False