From ce1a2d5374fa2df3a243cda3966d7fbb4547da55 Mon Sep 17 00:00:00 2001
From: Djorkaeff Alexandre <djorkaeff.unb@gmail.com>
Date: Fri, 20 Mar 2020 13:26:50 -0300
Subject: [PATCH] [FIX] Encode Image URI (#1909)

* [FIX] Encode Image URI

* [FIX] Check if Image is Valid

Co-authored-by: Diego Mello <diegolmello@gmail.com>
---
 app/containers/markdown/index.js | 14 +++++++++++++-
 app/utils/url.js                 |  9 +++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 app/utils/url.js

diff --git a/app/containers/markdown/index.js b/app/containers/markdown/index.js
index 990b2fc66..5f6b29a22 100644
--- a/app/containers/markdown/index.js
+++ b/app/containers/markdown/index.js
@@ -22,6 +22,7 @@ import MarkdownTableCell from './TableCell';
 import mergeTextNodes from './mergeTextNodes';
 
 import styles from './styles';
+import { isValidURL } from '../../utils/url';
 
 // Support <http://link|Text>
 const formatText = text => text.replace(
@@ -278,7 +279,18 @@ class Markdown extends PureComponent {
 		);
 	}
 
-	renderImage = ({ src }) => <Image style={styles.inlineImage} source={{ uri: src }} />;
+	renderImage = ({ src }) => {
+		if (!isValidURL(src)) {
+			return null;
+		}
+
+		return (
+			<Image
+				style={styles.inlineImage}
+				source={{ uri: encodeURI(src) }}
+			/>
+		);
+	}
 
 	renderEditedIndicator = () => {
 		const { theme } = this.props;
diff --git a/app/utils/url.js b/app/utils/url.js
new file mode 100644
index 000000000..856eac771
--- /dev/null
+++ b/app/utils/url.js
@@ -0,0 +1,9 @@
+export const isValidURL = (url) => {
+	const pattern = new RegExp('^(https?:\\/\\/)?' // protocol
+		+ '((([a-z\\d]([a-z\\d-]*[a-z\\d])*)\\.)+[a-z]{2,}|' // domain name
+		+ '((\\d{1,3}\\.){3}\\d{1,3}))' // OR ip (v4) address
+		+ '(\\:\\d+)?(\\/[-a-z\\d%_.~+]*)*' // port and path
+		+ '(\\?[;&a-z\\d%_.~+=-]*)?' // query string
+		+ '(\\#[-a-z\\d_]*)?$', 'i'); // fragment locator
+	return !!pattern.test(url);
+};
-- 
GitLab