From 1ef4e8da0166687a020b7c598d6641389f8f94d1 Mon Sep 17 00:00:00 2001
From: Uncle Stretch <uncle.stretch@ghostchain.io>
Date: Tue, 9 Dec 2025 21:48:27 +0300
Subject: [PATCH] rpc input sanitization

Signed-off-by: Uncle Stretch <uncle.stretch@ghostchain.io>
---
 Cargo.toml                                    |  3 +-
 .../validator/gatekeeper_endpoints_popup.rs   | 33 ++++++++++++-------
 2 files changed, 24 insertions(+), 12 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index 80eb3a1..ce18482 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -2,7 +2,7 @@
 name = "ghost-eye"
 authors = ["str3tch <stretch@ghostchain.io>"]
 description = "Application for interacting with Casper/Ghost nodes that are exposing RPC only to the localhost"
-version = "0.3.84"
+version = "0.3.85"
 edition = "2021"
 homepage = "https://git.ghostchain.io/ghostchain"
 repository = "https://git.ghostchain.io/ghostchain/ghost-eye"
@@ -36,6 +36,7 @@ tracing = "0.1.37"
 tracing-error = "0.2.0"
 tracing-subscriber = { version = "0.3.17", features = ["env-filter", "serde"] }
 unicode-width = "0.2.0"
+url = "2.5.7"
 
 [build-dependencies]
 anyhow = "1.0.91"
diff --git a/src/components/validator/gatekeeper_endpoints_popup.rs b/src/components/validator/gatekeeper_endpoints_popup.rs
index c2decf4..0deb841 100644
--- a/src/components/validator/gatekeeper_endpoints_popup.rs
+++ b/src/components/validator/gatekeeper_endpoints_popup.rs
@@ -8,13 +8,11 @@ use ratatui::{
 };
 use std::sync::mpsc::Sender;
 use tokio::sync::mpsc::UnboundedSender;
+use url::Url;
 
 use super::{Component, CurrentTab, PartialComponent};
 use crate::{
-    action::Action,
-    config::Config,
-    palette::StylePalette,
-    widgets::{Input, InputRequest},
+    action::Action, config::Config, palette::StylePalette, types::{ActionLevel, ActionTarget}, widgets::{Input, InputRequest}
 };
 
 #[derive(Debug, Default, Eq, PartialEq)]
@@ -61,13 +59,26 @@ impl GatekeeperEndpoints {
     fn submit_message(&mut self) {
         if let Some(network_tx) = &self.network_tx {
             if self.selected == Selected::Input {
-                let mut stored_endpoints = self.stored_endpoints.clone();
-                stored_endpoints.push(self.rpc_input.value().to_string());
-                let _ = network_tx.send(Action::UpdateStoredRpcEndpoints(
-                    self.chain_id,
-                    stored_endpoints,
-                ));
-                self.rpc_input = Input::new(String::new());
+                match Url::parse(self.rpc_input.value())  {
+                    Ok(url) => {
+                        let mut stored_endpoints = self.stored_endpoints.clone();
+                        stored_endpoints.push(url.to_string());
+                        let _ = network_tx.send(Action::UpdateStoredRpcEndpoints(
+                                self.chain_id,
+                                stored_endpoints,
+                        ));
+                        self.rpc_input = Input::new(String::new());
+                    },
+                    Err(err) => {
+                        if let Some(action_tx) = &self.action_tx {
+                            let _ = action_tx.send(Action::EventLog(
+                                    format!("Incorrect RPC input: {:?}", err),
+                                    ActionLevel::Warn,
+                                    ActionTarget::ValidatorLog,
+                            ));
+                        }
+                    }
+                }
             }
         }
     }