fix: SDA-1526: remove support for opening non http(s) links (#786)

* SDA-1526: add logic to ignore non http or https urls

* SDA-1526: update unit test
This commit is contained in:
Vishwas Shashidhar 2019-09-27 12:01:05 +05:30 committed by GitHub
parent fa06a002da
commit 67553d7b46
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 37 additions and 9 deletions

View File

@ -98,6 +98,6 @@ describe('child window handle', () => {
const spy = jest.spyOn(windowHandler, 'openUrlInDefaultBrowser');
handleChildWindow(ipcRenderer as any);
ipcRenderer.send('new-window', ...args);
expect(spy).toBeCalledWith('invalid');
expect(spy).not.toBeCalledWith('invalid');
});
});

View File

@ -29,21 +29,45 @@ const MIN_WIDTH = 300;
const MIN_HEIGHT = 300;
/**
* Verifies if the url is valid and
* forcefully appends https if not present
*
* @param configURL {string}
* Verifies protocol for a new url to check if it is http or https
* @param url URL to be verified
*/
const getParsedUrl = (configURL: string): Url => {
const parsedUrl = parse(configURL);
const verifyProtocolForNewUrl = (url: string): boolean => {
const parsedUrl = parse(url);
if (!parsedUrl) {
logger.info(`child-window-handler: The url ${url} doesn't have a protocol. Returning false for verification!`);
return false;
}
if (parsedUrl.protocol === 'https') {
logger.info(`child-window-handler: The url ${url} is a https url! Returning true for verification!`);
return true;
}
if (parsedUrl.protocol === 'http') {
logger.info(`child-window-handler: The url ${url} is a http url! Returning true for verification!`);
return true;
}
return false;
};
/**
* Verifies if the url is valid and forcefully appends https if not present
* This happens mainly for urls from the same domain
*
* @param url {string}
*/
const getParsedUrl = (url: string): Url => {
const parsedUrl = parse(url);
if (!parsedUrl.protocol || parsedUrl.protocol !== 'https') {
logger.info(`child-window-handler: The url ${configURL} doesn't have a valid protocol or is not https, so, adding https!`);
logger.info(`child-window-handler: The url ${url} doesn't have a valid protocol or is not https, so, adding https!`);
parsedUrl.protocol = 'https:';
parsedUrl.slashes = true;
}
const finalParsedUrl = parse(format(parsedUrl));
logger.info(`child-window-handler: The original url ${configURL} is finally parsed as ${JSON.stringify(finalParsedUrl)}`);
logger.info(`child-window-handler: The original url ${url} is finally parsed as ${JSON.stringify(finalParsedUrl)}`);
return finalParsedUrl;
};
@ -198,6 +222,10 @@ export const handleChildWindow = (webContents: WebContents): void => {
logger.info(`child-window-handler: new window url length is greater than 2083, not performing any action!`);
return;
}
if (!verifyProtocolForNewUrl(newWinUrl)) {
logger.info(`child-window-handler: new window url protocol is not http or https, not performing any action!`);
return;
}
logger.info(`child-window-handler: new window url is ${newWinUrl} which is not of the same host,
so opening it in the default browser!`);
windowHandler.openUrlInDefaultBrowser(newWinUrl);