From 751b4716c83b799e160707b386e72456b7c6bd23 Mon Sep 17 00:00:00 2001
From: Anders Kaseorg <anders@zulip.com>
Date: Wed, 1 Nov 2023 20:09:09 -0700
Subject: [PATCH] matrix_bridge: Verify server URL scheme.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
---
 zulip/integrations/bridge_with_matrix/matrix_bridge.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/zulip/integrations/bridge_with_matrix/matrix_bridge.py b/zulip/integrations/bridge_with_matrix/matrix_bridge.py
index a1c6fb9a..fb0ece54 100755
--- a/zulip/integrations/bridge_with_matrix/matrix_bridge.py
+++ b/zulip/integrations/bridge_with_matrix/matrix_bridge.py
@@ -232,6 +232,8 @@ class ZulipToMatrix:
         if result["result"] != "success":
             raise BridgeFatalZulipError("cannot get server settings")
         self.server_url: str = result["realm_uri"]
+        if not self.server_url.startswith(("http:", "https:")):
+            raise ValueError("Unexpected server URL scheme")
 
     @classmethod
     async def create(