From aa6252d79fdf0474564ee0a770c8b8dad443fc73 Mon Sep 17 00:00:00 2001
From: Naomi Carrigan <commits@nhcarrigan.com>
Date: Fri, 20 Feb 2026 16:39:06 -0800
Subject: [PATCH] feat: add data URL validation

---
 api/src/app/utils/validation.ts | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/api/src/app/utils/validation.ts b/api/src/app/utils/validation.ts
index 08fdfa3..05792b4 100644
--- a/api/src/app/utils/validation.ts
+++ b/api/src/app/utils/validation.ts
@@ -4,6 +4,13 @@
  * @author Naomi Carrigan
  */
 
+/**
+ * Validates that a URL is a proper base64 data string.
+ */
+export function validateDataUrl(url: string): boolean {
+  return /^data:image\/(jpeg|png|gif|webp|svg\+xml);base64,[A-Za-z0-9+/=]+$/.test(url);
+}
+
 /**
  * Validates that a URL is safe and points to an allowed protocol.
  * Prevents javascript:, data:, vbscript:, and file: URLs.
@@ -83,4 +90,5 @@ export const MAX_LENGTHS = {
   NOTES: 5000,
   TAGS: 50, // per tag
   ISBN: 50,
+  DATA_URL: 5 * 1024 * 1024, // 5MB in bytes (not chars)
 } as const;