diff --git a/src/IFramePage.php b/src/IFramePage.php index f49c63d..6ad26ab 100644 --- a/src/IFramePage.php +++ b/src/IFramePage.php @@ -3,12 +3,14 @@ namespace SilverStripe\IFrame; use Page; +use SilverStripe\Core\Validation\ConstraintValidator; use SilverStripe\Forms\DropdownField; use SilverStripe\Forms\FieldList; use SilverStripe\Forms\TextField; use SilverStripe\ORM\FieldType\DBField; use SilverStripe\ORM\ValidationException; use SilverStripe\ORM\ValidationResult; +use Symfony\Component\Validator\Constraints\Url; /** * Iframe page type embeds an iframe of URL of choice into the page. @@ -119,21 +121,21 @@ public function getStyle() /** * Ensure that the IFrameURL is a valid url and prevents XSS * - * @throws ValidationException * @return ValidationResult */ public function validate() { - $result = parent::validate(); - - //whitelist allowed URL schemes - $allowed_schemes = array('http', 'https'); - if ($matches = parse_url($this->IFrameURL ?? '')) { - if (isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes ?? [])) { - $result->addError(_t(__CLASS__ . '.VALIDATION_BANNEDURLSCHEME', "This URL scheme is not allowed.")); - } - } - - return $result; + $fullResult = parent::validate(); + + $allowedSchemes = ['http', 'https']; + $message = _t(__CLASS__ . '.VALIDATION_URL', 'Please enter a valid URL'); + $result = ConstraintValidator::validate( + $this->value, + new Url(message: $message, protocols: $allowedSchemes), + $this->getName() + ); + $fullResult->combineAnd($result); + + return $fullResult; } }