From 044b85d0df2336e7b08b954e43cfff3d153aefb3 Mon Sep 17 00:00:00 2001
From: Taku <45324516+Taaku18@users.noreply.github.com>
Date: Mon, 17 Jul 2023 15:55:37 -0700
Subject: [PATCH] Fix #3291: Resolve code scanning alert for URL sanitization

---
 core/utils.py | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/core/utils.py b/core/utils.py
index e25bbf20091..8cc91d81306 100644
--- a/core/utils.py
+++ b/core/utils.py
@@ -152,13 +152,17 @@ def is_image_url(url: str, **kwargs) -> str:
     bool
         Whether the URL is a valid image URL.
     """
-    if url.startswith("https://gyazo.com") or url.startswith("http://gyazo.com"):
-        # gyazo support
-        url = re.sub(
-            r"(http[s]?:\/\/)((?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*(),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+)",
-            r"\1i.\2.png",
-            url,
-        )
+    try:
+        result = parse.urlparse(url)
+        if result.netloc == 'gyazo.com' and result.scheme in ['http', 'https']:
+            # gyazo support
+            url = re.sub(
+                r"(https?://)((?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*(),]|%[0-9a-fA-F][0-9a-fA-F])+)",
+                r"\1i.\2.png",
+                url,
+            )
+    except ValueError:
+        pass
 
     return parse_image_url(url, **kwargs)