github/servers
1
1
Fork 0
mirror of https://github.com/modelcontextprotocol/servers.git synced 2026-02-19 11:54:58 -05:00
Code Issues Packages Projects Releases Wiki Activity

only accept http(s) and data uris in zip tool

Browse Source
This commit is contained in:
Olivier Chafik
2025-10-14 17:48:11 +01:00
parent f3c5e4f312
commit 0ee497db3e
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/everything/everything.ts
View File

@@ -874,8 +874,12 @@ export const createServer = () => {
const { files, outputType } = ZipResourcesInputSchema.parse(args);
const zip = new JSZip();
for (const [fileName, fileUrl] of Object.entries(files)) {
for (const [fileName, fileUrlString] of Object.entries(files)) {
try {
const fileUrl = new URL(fileUrlString);
if (fileUrl.protocol !== 'http:' && fileUrl.protocol !== 'https:' && fileUrl.protocol !== 'data:') {
throw new Error(`Unsupported URL protocol for ${fileUrlString}. Only http, https, and data URLs are supported.`);
}
const response = await fetch(fileUrl);
if (!response.ok) {
throw new Error(`Failed to fetch ${fileUrl}: ${response.statusText}`);