feat: prevent many add-api submissions which are not API definitions

MikeRalphson · MikeRalphson · commit 4a812e259425 · 2023-02-22T12:44:44.000Z
diff --git a/src/add-api.html b/src/add-api.html
@@ -21,6 +21,27 @@
   form.onsubmit = addApi;
   function addApi(e) {
     e.preventDefault();
+
+    try {
+      let up = new URL(form.url.value);
+      if (!up.pathname || up.pathname === '/') {
+        alert('Please specify a machine-readable API definition location, not a website root URL');
+        return(false);
+      }
+      if (up.pathname.endsWith('.html')) {
+        alert('Please specify a machine-readable API definition location, not an html page');
+        return(false);
+      }
+      if ((up.hostname.indexOf('localhost')>=0) || (up.hostname.indexOf('127.0.0.1')>=0)) {
+        alert('Please specify a non-localhost URL');
+        return(false);
+      }
+    }
+    catch (ex) {
+      alert(ex.message);
+      return false;
+    }
+
     var details = {
       format: form['spec-format'].value,
       official: form.official.value,
