From 0ee497db3eb3a1f48c847186a17d87f00115466d Mon Sep 17 00:00:00 2001
From: Olivier Chafik
Date: Tue, 14 Oct 2025 17:48:11 +0100
Subject: [PATCH] only accept http(s) and data uris in zip tool
---
 src/everything/everything.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/everything/everything.ts b/src/everything/everything.ts
index ade7ef68..f7ce1869 100644
--- a/src/everything/everything.ts
+++ b/src/everything/everything.ts
@@ -874,8 +874,12 @@ export const createServer = () => {
 const { files, outputType } = ZipResourcesInputSchema.parse(args);
 const zip = new JSZip();
- for (const [fileName, fileUrl] of Object.entries(files)) {
+ for (const [fileName, fileUrlString] of Object.entries(files)) {
 try {
+ const fileUrl = new URL(fileUrlString);
+ if (fileUrl.protocol !== 'http:' && fileUrl.protocol !== 'https:' && fileUrl.protocol !== 'data:') {
+ throw new Error(`Unsupported URL protocol for ${fileUrlString}. Only http, https, and data URLs are supported.`);
+ }
 const response = await fetch(fileUrl);
 if (!response.ok) {
 throw new Error(`Failed to fetch ${fileUrl}: ${response.statusText}`);
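Review bot: The scheme allowlist added before `fetch(fileUrl)` constrains the protocol but not the destination, so a caller-supplied http(s) URL can still name a loopback, private-range or link-local host, and `fetch` follows redirects by default, which means even a vetted host can hand the request on elsewhere. Where this server runs with access to an internal network, I would add a host check after `new URL(fileUrlString)` that resolves the hostname and rejects non-public addresses (or compares against a configured host allowlist), and change the call to `const response = await fetch(fileUrl, { redirect: 'error', signal: AbortSignal.timeout(10_000) });` so redirects are refused and a slow endpoint cannot hold the tool open. The response body is also read without a size cap as far as the hunk shows, so a bound on bytes added to the zip is worth considering. The `try` block closes outside the hunk, so how the new `Unsupported URL protocol` error is reported back to the caller cannot be confirmed from here.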