fix: SDA-1526: remove support for opening non http(s) links (#786)

* SDA-1526: add logic to ignore non http or https urls * SDA-1526: update unit test
2025-02-25 18:55:29 -06:00 · 2019-09-27 12:01:05 +05:30 · 2019-09-27 12:01:05 +05:30 · 67553d7b46
commit 67553d7b46
parent fa06a002da
2 changed files with 37 additions and 9 deletions
--- a/spec/childWindowHandle.spec.ts
+++ b/spec/childWindowHandle.spec.ts
@ -98,6 +98,6 @@ describe('child window handle', () => {
        const spy = jest.spyOn(windowHandler, 'openUrlInDefaultBrowser');
        handleChildWindow(ipcRenderer as any);
        ipcRenderer.send('new-window', ...args);
-        expect(spy).toBeCalledWith('invalid');
+        expect(spy).not.toBeCalledWith('invalid');
    });
 });
--- a/src/app/child-window-handler.ts
+++ b/src/app/child-window-handler.ts
@ -29,21 +29,45 @@ const MIN_WIDTH = 300;
 const MIN_HEIGHT = 300;

 /**
- * Verifies if the url is valid and
- * forcefully appends https if not present
- *
- * @param configURL {string}
+ * Verifies protocol for a new url to check if it is http or https
+ * @param url URL to be verified
 */
-const getParsedUrl = (configURL: string): Url => {
-    const parsedUrl = parse(configURL);
+const verifyProtocolForNewUrl = (url: string): boolean => {
+    const parsedUrl = parse(url);
+    if (!parsedUrl) {
+        logger.info(`child-window-handler: The url ${url} doesn't have a protocol. Returning false for verification!`);
+        return false;
+    }
+
+    if (parsedUrl.protocol === 'https') {
+        logger.info(`child-window-handler: The url ${url} is a https url! Returning true for verification!`);
+        return true;
+    }
+
+    if (parsedUrl.protocol === 'http') {
+        logger.info(`child-window-handler: The url ${url} is a http url! Returning true for verification!`);
+        return true;
+    }
+
+    return false;
+};
+
+/**
+ * Verifies if the url is valid and forcefully appends https if not present
+ * This happens mainly for urls from the same domain
+ *
+ * @param url {string}
+ */
+const getParsedUrl = (url: string): Url => {
+    const parsedUrl = parse(url);

    if (!parsedUrl.protocol || parsedUrl.protocol !== 'https') {
-        logger.info(`child-window-handler: The url ${configURL} doesn't have a valid protocol or is not https, so, adding https!`);
+        logger.info(`child-window-handler: The url ${url} doesn't have a valid protocol or is not https, so, adding https!`);
        parsedUrl.protocol = 'https:';
        parsedUrl.slashes = true;
    }
    const finalParsedUrl = parse(format(parsedUrl));
-    logger.info(`child-window-handler: The original url ${configURL} is finally parsed as ${JSON.stringify(finalParsedUrl)}`);
+    logger.info(`child-window-handler: The original url ${url} is finally parsed as ${JSON.stringify(finalParsedUrl)}`);
    return finalParsedUrl;
 };

@ -198,6 +222,10 @@ export const handleChildWindow = (webContents: WebContents): void => {
                logger.info(`child-window-handler: new window url length is greater than 2083, not performing any action!`);
                return;
            }
+            if (!verifyProtocolForNewUrl(newWinUrl)) {
+                logger.info(`child-window-handler: new window url protocol is not http or https, not performing any action!`);
+                return;
+            }
            logger.info(`child-window-handler: new window url is ${newWinUrl} which is not of the same host,
            so opening it in the default browser!`);
            windowHandler.openUrlInDefaultBrowser(newWinUrl);