* Apply isUrl option to pasted links #2239 * Sanitize link URLs * Sanitize link URLs before rendering * Fix broken tests * Separate changesets * Separate changeset for breaking change --------- Co-authored-by: Joe Anderson <joe@mousetrapped.co.uk>
1 parent
0077402
commit 93dd571
Showing
17 changed files
with
297 additions
and
33 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
--- | ||
'@udecode/plate-core': minor | ||
--- | ||
|
||
- Add `sanitizeUrl` util to check if URL has an allowed scheme |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
--- | ||
'@udecode/plate-link': minor | ||
--- | ||
|
||
- `upsertLink`: | ||
- Removed `isUrl` | ||
- Added `skipValidation` | ||
- Check that URL scheme is valid when: | ||
- Upserting links | ||
- Deserializing links from HTL | ||
- Passing `href` to `nodeProps` | ||
- Rendering the `OpenLinkButton` in `FloatingLink` |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
--- | ||
'@udecode/plate-link': major | ||
--- | ||
|
||
- Add `allowedSchemes` plugin option | ||
- Any URL schemes other than `http(s)`, `mailto` and `tel` must be added to `allowedSchemes`, otherwise they will not be included in links |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
import { sanitizeUrl } from './sanitizeUrl'; | ||
|
||
describe('sanitizeUrl', () => { | ||
describe('when permitInvalid is false', () => { | ||
const options = { | ||
allowedSchemes: ['http'], | ||
permitInvalid: false, | ||
}; | ||
|
||
it('should return null when url is invalid', () => { | ||
expect(sanitizeUrl('invalid', options)).toBeNull(); | ||
}); | ||
|
||
it('should return null when url has disallowed scheme', () => { | ||
// eslint-disable-next-line no-script-url | ||
expect(sanitizeUrl('javascript://example.com/', options)).toBeNull(); | ||
}); | ||
|
||
it('should return url when url is valid', () => { | ||
expect(sanitizeUrl('http://example.com/', options)).toBe( | ||
'http://example.com/' | ||
); | ||
}); | ||
}); | ||
|
||
describe('when permitInvalid is true', () => { | ||
const options = { | ||
allowedSchemes: ['http'], | ||
permitInvalid: true, | ||
}; | ||
|
||
it('should return url when url is invalid', () => { | ||
expect(sanitizeUrl('invalid', options)).toBe('invalid'); | ||
}); | ||
|
||
it('should return null when url has disallowed scheme', () => { | ||
// eslint-disable-next-line no-script-url | ||
expect(sanitizeUrl('javascript://example.com/', options)).toBeNull(); | ||
}); | ||
|
||
it('should return url when url is valid', () => { | ||
expect(sanitizeUrl('http://example.com/', options)).toBe( | ||
'http://example.com/' | ||
); | ||
}); | ||
}); | ||
}); |
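Review bot: Both `describe` blocks always pass `allowedSchemes: ['http']`, so the path in `sanitizeUrl` that skips the scheme comparison when `allowedSchemes` is omitted is never exercised, and neither is the early `null` for an `undefined` or empty `url`. I would add `expect(sanitizeUrl(undefined, options)).toBeNull();` and a case that pins the intended result of `sanitizeUrl('javascript://example.com/', {})`, whichever way the maintainers want that to go. A mixed-case input such as `expect(sanitizeUrl('HTTP://example.com/', options)).toBe('http://example.com/');` would also document that matching is done on the parsed, lower-cased protocol and that the returned value is the normalised `href`, not the input string.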
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
export interface SanitizeUrlOptions { | ||
allowedSchemes?: string[]; | ||
permitInvalid?: boolean; | ||
} | ||
|
||
export const sanitizeUrl = ( | ||
url: string | undefined, | ||
{ allowedSchemes, permitInvalid = false }: SanitizeUrlOptions | ||
): string | null => { | ||
if (!url) return null; | ||
|
||
let parsedUrl: URL | null = null; | ||
|
||
try { | ||
parsedUrl = new URL(url); | ||
} catch (error) { | ||
return permitInvalid ? url : null; | ||
} | ||
|
||
if ( | ||
allowedSchemes && | ||
!allowedSchemes.includes(parsedUrl.protocol.slice(0, -1)) | ||
) { | ||
return null; | ||
} | ||
|
||
return parsedUrl.href; | ||
}; |
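Review bot: The scheme check fails open: when `allowedSchemes` is `undefined` the final `if` is skipped and any parseable URL, whatever its scheme, is returned as `parsedUrl.href`. Because the field is optional in `SanitizeUrlOptions`, a caller that forgets it gets no filtering at all; either make the field required or treat a missing list as empty, e.g. `if (!allowedSchemes?.includes(parsedUrl.protocol.slice(0, -1))) return null;` (the call sites changed by this commit are not visible here, so confirm they all pass a list before tightening this). Separately, `permitInvalid` returns the raw, unparsed string, which never goes through the allowlist; that looks intended for relative links, but the option deserves a TSDoc comment such as `/** Return strings the URL parser rejects (e.g. relative paths) unchanged; the scheme allowlist is not applied to them. */`. The unused `error` binding in the `catch` can simply be dropped (`catch {`).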
93dd571
Successfully deployed to the following URLs:
plate – ./
plate-git-main-udecode.vercel.app
plate-udecode.vercel.app
plate.udecode.io
www.plate.udecode.io
93dd571
Successfully deployed to the following URLs:
plate-examples – ./
plate-examples.vercel.app
plate-examples-git-main-udecode.vercel.app
plate-examples-udecode.vercel.app