feat: add URL protocol validation to extension and mobile app (#996)

2 files changed, 23 insertions, 0 deletions

diff --git a/apps/browser-extension/src/NotConfiguredPage.tsx b/apps/browser-extension/src/NotConfiguredPage.tsx
index 31d45d6a..fdda480e 100644
--- a/apps/browser-extension/src/NotConfiguredPage.tsx
+++ b/apps/browser-extension/src/NotConfiguredPage.tsx
@@ -22,6 +22,16 @@ export default function NotConfiguredPage() {
       setError("Server address is required");
       return;
     }
+
+    // Add URL protocol validation
+    if (
+      !serverAddress.startsWith("http://") &&
+      !serverAddress.startsWith("https://")
+    ) {
+      setError("Server address must start with http:// or https://");
+      return;
+    }
+
     setSettings((s) => ({ ...s, address: serverAddress.replace(/\/$/, "") }));
     navigate("/signin");
   };
diff --git a/apps/mobile/app/signin.tsx b/apps/mobile/app/signin.tsx
index 31cb1e01..17a2158d 100644
--- a/apps/mobile/app/signin.tsx
+++ b/apps/mobile/app/signin.tsx
@@ -84,6 +84,19 @@ export default function Signin() {
   }
 
   const onSignin = () => {
+    if (!formState.serverAddress) {
+      setError("Server address is required");
+      return;
+    }
+
+    if (
+      !formState.serverAddress.startsWith("http://") &&
+      !formState.serverAddress.startsWith("https://")
+    ) {
+      setError("Server address must start with http:// or https://");
+      return;
+    }
+
     if (loginType === LoginType.Password) {
       const randStr = (Math.random() + 1).toString(36).substring(5);
       login({