validate url

Author: freekmurze

Diff for: src/Browsershot.php

@@ -69,7 +69,7 @@ class Browsershot
     protected ImageManipulations $imageManipulations;
 
     protected array $unsafeProtocols = [
-        'file:,',
+        'file:',
         'file:/',
         'file://',
         'file:\\',
@@ -268,6 +268,10 @@ public function setUrl(string $url): static
     {
         $url = trim($url);
 
+        if (filter_var($url, FILTER_VALIDATE_URL) === false ){
+            throw FileUrlNotAllowed::urlCannotBeParsed($url);
+        }
+
         foreach ($this->unsafeProtocols as $unsupportedProtocol) {
             if (str_starts_with(strtolower($url), $unsupportedProtocol)) {
                 throw FileUrlNotAllowed::make();

Diff for: src/Exceptions/FileUrlNotAllowed.php

@@ -10,4 +10,9 @@ public static function make(): static
     {
         return new static('An URL is not allow to start with file:// or file:/');
     }
+
+    public static function urlCannotBeParsed(string $url): static
+    {
+        return new static("The given URL `{$url}` is not a valid URL");
+    }
 }

Diff for: tests/BrowsershotTest.php

@@ -59,11 +59,17 @@
     'File://test',
     'file:/test',
     'file:\test',
+    'file:',
     'file:\\test',
     'view-source',
     'View-Source',
 ]);
 
+it('will not allow a malformed file url with too many slashes', function () {
+    Browsershot::url('fil
+     e:///test');
+})->throws(FileUrlNotAllowed::class);
+
 it('will not allow a file url that has leading spaces', function () {
     Browsershot::url('    file://test');
 })->throws(FileUrlNotAllowed::class);