Add more security check

little_boxes/backend.py

@@ -7,6 +7,7 @@ import requests
 
 from .__version__ import __version__
 from .errors import ActivityNotFoundError
+from .urlutils import check_url
 
 if typing.TYPE_CHECKING:
     from little_boxes import activitypub as ap  # noqa: type checking
@@ -21,6 +22,7 @@ class Backend(abc.ABC):
         return binascii.hexlify(os.urandom(8)).decode("utf-8")
 
     def fetch_json(self, url: str, **kwargs):
+        check_url(url)
         resp = requests.get(
             url,
             headers={"User-Agent": self.user_agent(), "Accept": "application/json"},
@@ -44,6 +46,7 @@ class Backend(abc.ABC):
         pass  # pragma: no cover
 
     def fetch_iri(self, iri: str, **kwargs) -> "ap.ObjectType":  # pragma: no cover
+        check_url(iri)
         resp = requests.get(
             iri,
             headers={