Add trusted link handling in renderer/prompt

This commit is contained in:
Snazzah 2021-08-30 14:08:13 +00:00 committed by GitHub
parent 4c34787ef3
commit d8465b1aae
2 changed files with 42 additions and 13 deletions

View file

@ -18,13 +18,15 @@ import { useCallback, useContext } from "preact/hooks";
import { internalEmit } from "../../lib/eventEmitter"; import { internalEmit } from "../../lib/eventEmitter";
import { getState } from "../../redux";
import { useIntermediate } from "../../context/intermediate/Intermediate";
import { AppContext } from "../../context/revoltjs/RevoltClient"; import { AppContext } from "../../context/revoltjs/RevoltClient";
import { generateEmoji } from "../common/Emoji"; import { generateEmoji } from "../common/Emoji";
import { emojiDictionary } from "../../assets/emojis"; import { emojiDictionary } from "../../assets/emojis";
import { MarkdownProps } from "./Markdown"; import { MarkdownProps } from "./Markdown";
import {useIntermediate} from "../../context/intermediate/Intermediate";
// TODO: global.d.ts file for defining globals // TODO: global.d.ts file for defining globals
declare global { declare global {
@ -35,9 +37,9 @@ declare global {
const ALLOWED_ORIGINS = [ const ALLOWED_ORIGINS = [
location.hostname, location.hostname,
'app.revolt.chat', "app.revolt.chat",
'nightly.revolt.chat', "nightly.revolt.chat",
'local.revolt.chat', "local.revolt.chat",
]; ];
// Handler for code block copy. // Handler for code block copy.
@ -176,13 +178,16 @@ export default function Renderer({ content, disallowBigEmoji }: MarkdownProps) {
element.removeAttribute("data-type"); element.removeAttribute("data-type");
element.removeAttribute("target"); element.removeAttribute("target");
let internal; let internal,
url: URL | null = null;
const href = element.href; const href = element.href;
if (href) { if (href) {
try { try {
const url = new URL(href, location.href); url = new URL(href, location.href);
if (ALLOWED_ORIGINS.includes(url.hostname)) { if (
ALLOWED_ORIGINS.includes(url.hostname)
) {
internal = true; internal = true;
element.addEventListener( element.addEventListener(
"click", "click",
@ -202,12 +207,20 @@ export default function Renderer({ content, disallowBigEmoji }: MarkdownProps) {
if (!internal) { if (!internal) {
element.setAttribute("target", "_blank"); element.setAttribute("target", "_blank");
element.onclick = (ev) => { element.onclick = (ev) => {
const { trustedLinks } = getState();
if (
!url ||
!trustedLinks.domains?.includes(
url.hostname,
)
) {
ev.preventDefault(); ev.preventDefault();
openScreen({ openScreen({
id: "external_link_prompt", id: "external_link_prompt",
link: href link: href,
}) });
} }
};
} }
}, },
); );

View file

@ -1,6 +1,7 @@
import { Text } from "preact-i18n"; import { Text } from "preact-i18n";
import Modal from "../../../components/ui/Modal"; import Modal from "../../../components/ui/Modal";
import { dispatch } from "../../../redux";
interface Props { interface Props {
onClose: () => void; onClose: () => void;
@ -29,6 +30,21 @@ export function ExternalLinkModal({ onClose, link }: Props) {
confirmation: false, confirmation: false,
children: "Cancel", children: "Cancel",
}, },
{
onClick: () => {
try {
const url = new URL(link);
dispatch({
type: "TRUSTED_LINKS_ADD_DOMAIN",
domain: url.hostname
});
} catch(e) {}
window.open(link, "_blank");
onClose();
},
plain: true,
children: "Trust this domain",
}
]}> ]}>
<Text id={"app.special.modals.external_links.short"} /> <br /> <Text id={"app.special.modals.external_links.short"} /> <br />
<a>{link}</a> <a>{link}</a>