From a328033cd3420391a73ad4d513f1733deee763e8 Mon Sep 17 00:00:00 2001 From: shen Date: Wed, 18 Dec 2024 16:21:40 +0800 Subject: [PATCH 1/5] filter_var to sanitise URL --- src/Browsershot.php | 6 ++++-- src/Exceptions/FileUrlNotAllowed.php | 5 +++++ tests/BrowsershotTest.php | 5 +++++ 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/src/Browsershot.php b/src/Browsershot.php index 4785bb4..5edbfcf 100644 --- a/src/Browsershot.php +++ b/src/Browsershot.php @@ -257,8 +257,10 @@ public function waitForSelector(string $selector, array $options = []): static public function setUrl(string $url): static { - $url = trim($url); - + if (filter_var($url, FILTER_VALIDATE_URL) === false ){ + throw FileUrlNotAllowed::parseError(); + } + $unsupportedProtocols = [ 'file://', 'file:/', diff --git a/src/Exceptions/FileUrlNotAllowed.php b/src/Exceptions/FileUrlNotAllowed.php index f7d922c..3fa5e91 100644 --- a/src/Exceptions/FileUrlNotAllowed.php +++ b/src/Exceptions/FileUrlNotAllowed.php @@ -10,4 +10,9 @@ public static function make(): static { return new static('An URL is not allow to start with file:// or file:/'); } + + public static function parseError(): static + { + return new static('URL parse error'); + } } diff --git a/tests/BrowsershotTest.php b/tests/BrowsershotTest.php index 708ef52..97e6782 100644 --- a/tests/BrowsershotTest.php +++ b/tests/BrowsershotTest.php @@ -76,6 +76,11 @@ Browsershot::url('file:/test'); })->throws(FileUrlNotAllowed::class); +it('will not allow a slightly malformed file url', function () { + Browsershot::url('fil + e:///test'); +})->throws(FileUrlNotAllowed::class); + it('will not allow html to contain file:/', function () { Browsershot::html('
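Review bot: In `src/Browsershot.php` (patch 1/5), the added `filter_var($url, FILTER_VALIDATE_URL)` guard in `setUrl` checks syntax only, so the `$unsupportedProtocols` prefix list that follows is still the only control over which schemes reach the browser. A prefix denylist has to anticipate every spelling. If the library does not need other schemes, an allowlist on the parsed scheme is easier to reason about: `$scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));` then `if (! in_array($scheme, ['http', 'https'], true)) { throw FileUrlNotAllowed::make(); }`. Two behaviour changes deserve a comment above the guard: `trim()` is gone, so URLs with surrounding whitespace are presumably rejected now instead of normalised, and `FILTER_VALIDATE_URL` accepts only ASCII URLs, so internationalised hostnames will throw. The rest of `setUrl` lies outside the hunk, so how the prefix list is matched could not be checked.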
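Review bot: In `src/Exceptions/FileUrlNotAllowed.php` (patch 1/5), the new `parseError()` factory makes `FileUrlNotAllowed` stand for two different conditions, a blocked `file:` URL and any string that fails validation, and neither factory is documented. A caller catching the exception can tell the cases apart only by message text. A docblock on the new factory such as `/** Thrown when the URL fails FILTER_VALIDATE_URL; the URL need not be a file URL. */` would record this, or a dedicated exception class could be introduced if callers need to branch on it.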

'); })->throws(HtmlIsNotAllowedToContainFile::class); From a1aae468711546a34bd335c826049f4cb036e19e Mon Sep 17 00:00:00 2001 From: Freek Van der Herten Date: Mon, 23 Dec 2024 11:18:02 +0100 Subject: [PATCH 2/5] Update FileUrlNotAllowed.php --- src/Exceptions/FileUrlNotAllowed.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Exceptions/FileUrlNotAllowed.php b/src/Exceptions/FileUrlNotAllowed.php index 3fa5e91..497b213 100644 --- a/src/Exceptions/FileUrlNotAllowed.php +++ b/src/Exceptions/FileUrlNotAllowed.php @@ -11,8 +11,8 @@ public static function make(): static return new static('An URL is not allow to start with file:// or file:/'); } - public static function parseError(): static + public static function parseError(string $url): static { - return new static('URL parse error'); + return new static("The given URL `{$url}` is not a valid URL"); } } From 420bb188e6accbe2fbc427a6596cfe7bca97e8fa Mon Sep 17 00:00:00 2001 From: Freek Van der Herten Date: Mon, 23 Dec 2024 11:18:45 +0100 Subject: [PATCH 3/5] Update Browsershot.php --- src/Browsershot.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Browsershot.php b/src/Browsershot.php index 5edbfcf..d0b36eb 100644 --- a/src/Browsershot.php +++ b/src/Browsershot.php @@ -258,7 +258,7 @@ public function waitForSelector(string $selector, array $options = []): static public function setUrl(string $url): static { if (filter_var($url, FILTER_VALIDATE_URL) === false ){ - throw FileUrlNotAllowed::parseError(); + throw FileUrlNotAllowed::urlCannotBeParsed($url); } $unsupportedProtocols = [ From 50fdcb0e5b4527a3a774058e20ac8d7b738d8a2c Mon Sep 17 00:00:00 2001 From: Freek Van der Herten Date: Mon, 23 Dec 2024 11:18:58 +0100 Subject: [PATCH 4/5] Update FileUrlNotAllowed.php --- src/Exceptions/FileUrlNotAllowed.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
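Review bot: In `tests/BrowsershotTest.php` (patch 1/5), the new test asserts only the exception class, and both the validation guard and the `file:` prefix check throw `FileUrlNotAllowed`, so the assertion does not show which guard rejected the input. Pinning the message, `->throws(FileUrlNotAllowed::class, 'URL parse error')`, would make the guard under test explicit. The literal appears to contain a line break inside the scheme (this page has collapsed it), which is worth a one-line comment in the test because it is easy to miss. Companion cases for an ordinary `https://` URL still being accepted, and for a URL with leading or trailing whitespace now that `trim()` is removed, would cover the behaviour change.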
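Review bot: In `src/Exceptions/FileUrlNotAllowed.php` (patch 2/5), the new message in `parseError(string $url)` embeds the rejected `$url` verbatim. That value has by definition failed validation, so it can contain line breaks or other control characters, and it may carry credentials or tokens in its userinfo or query string. Exception messages usually end up in log files and error pages, where unescaped input can forge log lines or be rendered as markup. Consider bounding and escaping the value before interpolating it, for example `$shown = addcslashes(substr($url, 0, 200), "\0..\37\177");` and then using `{$shown}` in the message.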
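Review bot: In `src/Browsershot.php` (patch 3/5), the call is switched to `FileUrlNotAllowed::urlCannotBeParsed($url)`, but that method is only introduced by the rename in patch 4/5, so at this commit the invalid-URL path calls an undefined static method. Patch 2/5 has the mirror problem: it adds the required `$url` parameter to `parseError` while the call site still passes no argument. Squashing patches 2 to 4 into one commit, or reordering so the factory changes before its caller, would keep every commit in the series runnable and bisectable.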
diff --git a/src/Exceptions/FileUrlNotAllowed.php b/src/Exceptions/FileUrlNotAllowed.php index 497b213..295e414 100644 --- a/src/Exceptions/FileUrlNotAllowed.php +++ b/src/Exceptions/FileUrlNotAllowed.php @@ -11,7 +11,7 @@ public static function make(): static return new static('An URL is not allow to start with file:// or file:/'); } - public static function parseError(string $url): static + public static function urlCannotBeParsed(string $url): static { return new static("The given URL `{$url}` is not a valid URL"); } From 402a3f5aac783a4899c2aa248b3c33f752afb3cb Mon Sep 17 00:00:00 2001 From: Freek Van der Herten Date: Mon, 23 Dec 2024 11:21:46 +0100 Subject: [PATCH 5/5] Update BrowsershotTest.php --- tests/BrowsershotTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/BrowsershotTest.php b/tests/BrowsershotTest.php index 97e6782..28b36b2 100644 --- a/tests/BrowsershotTest.php +++ b/tests/BrowsershotTest.php @@ -76,7 +76,7 @@ Browsershot::url('file:/test'); })->throws(FileUrlNotAllowed::class); -it('will not allow a slightly malformed file url', function () { +it('will not allow a malformed file url witht too many slashes', function () { Browsershot::url('fil e:///test'); })->throws(FileUrlNotAllowed::class);
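Review bot: In `tests/BrowsershotTest.php` (patch 5/5), the new description has a typo (`witht`) and names the slash count as the defect, whereas the input that follows appears to differ from a plain file URL by a line break inside the scheme. Something like `it('will not allow a file url with a line break in the scheme', function () {` would describe what the case actually exercises. The test body is unchanged context and continues past the edited line.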