Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions packages/webgal/src/Core/controller/scene/sceneFetcher.ts
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,10 @@ import axios from 'axios';
*/
export const sceneFetcher = (sceneUrl: string) => {
return new Promise<string>((resolve, reject) => {
if (!sceneUrl.endsWith('.txt')) {
reject('Scene file must be a txt file');
return;
}
Comment on lines +9 to +12

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

在 JavaScript/TypeScript 中,使用字符串字面量(如 reject('Scene file must be a txt file'))来 reject 一个 Promise 是一种反模式。建议使用 Error 对象(如 reject(new Error('...'))),这样可以保留堆栈信息,便于调试和统一错误处理。\n\n此外,直接使用 sceneUrl.endsWith('.txt') 进行校验可能会在 URL 包含查询参数或哈希值(例如用于清除缓存的 scene.txt?v=1.0)时失效。更安全的方法是在校验后缀前先剥离查询参数和哈希值,并显式防御空字符串或无效的 URL。

    if (!sceneUrl) {\n      reject(new Error('Scene URL is empty'));\n      return;\n    }\n    const pathname = sceneUrl.split('?')[0].split('#')[0];\n    if (!pathname.endsWith('.txt')) {\n      reject(new Error('Scene file must be a txt file'));\n      return;\n    }

axios
.get(sceneUrl)
.then((response) => {
Expand Down
Loading