feat: add PDF URL validation and content type check

Yukaii · Yukaii · commit 695f27ea8776 · 2025-03-19T20:41:29.000+08:00
Signed-off-by: Yukai Huang &lt;yukaihuangtw@gmail.com&gt;
diff --git a/public/js/extra.js b/public/js/extra.js
@@ -28,7 +28,7 @@ import './lib/renderer/lightbox'
 import { renderCSVPreview } from './lib/renderer/csvpreview'
 
 import { escapeAttrValue } from './render'
-import { sanitizeUrl } from './utils'
+import { sanitizeUrl, isPdfUrl } from './utils'
 
 import markdownit from 'markdown-it'
 import markdownitContainer from 'markdown-it-container'
@@ -634,11 +634,41 @@ export function finishView (view) {
       const cleanUrl = sanitizeUrl(url)
       const inner = $('<div></div>')
       $(this).append(inner)
-      setTimeout(() => {
-        PDFObject.embed(cleanUrl, inner, {
-          height: '400px'
-        })
-      }, 1)
+      
+      // First check URL format
+      const isPDFByExtension = /\.pdf(\?.*)?$/i.test(cleanUrl) || cleanUrl.includes('pdf')
+      
+      if (isPDFByExtension) {
+        // Show loading message while we check content type
+        const loadingMessage = $('<div class="alert alert-info">Verifying PDF file...</div>');
+        inner.html(loadingMessage);
+        
+        // Perform additional validation with HEAD request
+        isPdfUrl(cleanUrl).then(isPDFByContentType => {
+          if (isPDFByContentType) {
+            // Valid PDF by content type, embed it
+            PDFObject.embed(cleanUrl, inner, {
+              height: '400px'
+            });
+          } else {
+            // URL format looks like PDF but content type doesn't match
+            inner.html('<div class="alert alert-warning">The URL looks like a PDF but the server didn\'t confirm it has a PDF content type.</div>');
+            console.warn('URL has PDF extension but content type is not application/pdf:', cleanUrl);
+            
+            // Try to embed anyway as a fallback
+            setTimeout(() => {
+              PDFObject.embed(cleanUrl, inner, {
+                height: '400px',
+                fallbackLink: 'This doesn\'t appear to be a valid PDF. <a href="[url]">Click here to try downloading it directly</a>.'
+              });
+            }, 1);
+          }
+        });
+      } else {
+        // Not a valid PDF URL by extension
+        inner.html('<div class="alert alert-danger">Invalid PDF URL. The URL must point to a PDF file.</div>');
+        console.warn('Invalid PDF URL format:', cleanUrl);
+      }
     })
     // syntax highlighting
   view.find('code.raw').removeClass('raw')
diff --git a/public/js/utils.js b/public/js/utils.js
@@ -46,3 +46,15 @@ export function sanitizeUrl (rawUrl) {
     return 'about:blank'
   }
 }
+
+// Check if URL is a PDF based on Content-Type header
+export async function isPdfUrl(url) {
+  try {
+    const response = await fetch(url, { method: 'HEAD' });
+    const contentType = response.headers.get('Content-Type');
+    return contentType === 'application/pdf';
+  } catch (error) {
+    console.warn('Error checking PDF content type:', error);
+    return false;
+  }
+}
