cswimr/revite
1
0
Fork 0
mirror of https://github.com/revoltchat/revite.git synced 2024-11-22 07:00:58 -05:00
Code Issues Projects Releases Packages Wiki Activity

fix: correctly match protocols

Browse source
This commit is contained in:
Paul Makles 2022-09-18 12:32:29 +01:00
parent e6ad6a552e
commit 6b9106c975
1 changed files with 33 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

51
src/lib/links.ts
View file

@ -1,3 +1,6 @@
/**
* Type of link
*/
type LinkType = type LinkType =
| { | {
type: "navigate"; type: "navigate";
@ -6,6 +9,9 @@ type LinkType =
| { type: "external"; href: string; url: URL } | { type: "external"; href: string; url: URL }
| { type: "none" }; | { type: "none" };
/**
* Allowed origins for relative navigation
*/
const ALLOWED_ORIGINS = [ const ALLOWED_ORIGINS = [
location.hostname, location.hostname,
"app.revolt.chat", "app.revolt.chat",
@ -13,27 +19,36 @@ const ALLOWED_ORIGINS = [
"local.revolt.chat", "local.revolt.chat",
]; ];
/**
* Permissible protocols in URLs
*/
const PROTOCOL_WHITELIST = [ const PROTOCOL_WHITELIST = [
"https", "http:",
"ftp", "https:",
"ftps", "ftp:",
"mailto", "ftps:",
"news", "mailto:",
"irc", "news:",
"gopher", "irc:",
"nntp", "gopher:",
"feed", "nntp:",
"telnet", "feed:",
"mms", "telnet:",
"rtsp", "mms:",
"svn", "rtsp:",
"git", "svn:",
"tel", "git:",
"fax", "tel:",
"xmpp", "fax:",
"magnet", "xmpp:",
"magnet:",
]; ];
/**
* Determine what kind of link we are dealing with and sanitise any malicious input
* @param href Input URL
* @returns Link Type
*/
export function determineLink(href?: string): LinkType { export function determineLink(href?: string): LinkType {
let internal, let internal,
url: URL | null = null; url: URL | null = null;