Potential fix for code scanning alert no. 8: Incomplete URL substring sanitization (#25)

ArcticFoxPro · github-advanced-security[bot] · web-flow · commit ffc173a378d5 · 2025-02-03T03:47:22.000+08:00
Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;
diff --git a/source/pages/oss-licenses/oss-licenses.js b/source/pages/oss-licenses/oss-licenses.js
@@ -40,7 +40,17 @@ Page({
             version: this.data.licensesBuild[index].version,
             licenseBody: this.data.licensesBuild[index].licenseText,
             repoLink: this.data.licensesBuild[index].repository,
-            repoType: this.data.licensesBuild[index].repository.toLowerCase().includes("github.com") ? "GitHub" : (this.data.licensesBuild[index].repository.toLowerCase().includes("gitlab.com") ? "GitLab" : "Unknown")
+            repoType: (() => {
+                try {
+                    const url = new URL(this.data.licensesBuild[index].repository);
+                    const host = url.host.toLowerCase();
+                    if (host === "github.com") return "GitHub";
+                    if (host === "gitlab.com") return "GitLab";
+                } catch (e) {
+                    console.error("Invalid URL:", e);
+                }
+                return "Unknown";
+            })()
         })
     }, onUnload() {
         this.storeBindings.destroyStoreBindings();
