Mm 16694 master validate urls (#1000)

* validate urls before deeplink or link click * tests for isValidURL utility function * review change - invert condition * add validation for loaded files bounds-info.json, app-state.json, config.json * further validation and tweaks certificate.json, permission.json * add 2 more files for validation * parse and validate deeplinks - includes fix for windows deeplink when app is open * disable auto-updator when in dev * Squirrel is not used anymore * fix validating allowedProtocols * discard any args following a deeplink url * tweaks * update test * support scheme’s with and without slashes * stop after finding the first occurance of a deep link * test updates * updates to run tests successfully * port updates to validation from 4.2 * url validation updates changed validation package to better support internal domains and punycode domains
2019-09-09 12:38:31 -04:00
parent f12f9da798
commit e12d47ea62
25 changed files with 585 additions and 171 deletions
--- a/src/utils/util.js
+++ b/src/utils/util.js
@@ -3,11 +3,21 @@
 // See LICENSE.txt for license information.
 import url from 'url';

+import {isUri, isHttpUri, isHttpsUri} from 'valid-url';
+
 function getDomain(inputURL) {
  const parsedURL = url.parse(inputURL);
  return `${parsedURL.protocol}//${parsedURL.host}`;
 }

+function isValidURL(testURL) {
+  return Boolean(isHttpUri(testURL) || isHttpsUri(testURL));
+}
+
+function isValidURI(testURL) {
+  return Boolean(isUri(testURL));
+}
+
 // isInternalURL determines if the target url is internal to the application.
 // - currentURL is the current url inside the webview
 // - basename is the global export from the Mattermost application defining the subpath, if any
@@ -25,5 +35,7 @@ function isInternalURL(targetURL, currentURL, basename = '/') {

 export default {
  getDomain,
+  isValidURL,
+  isValidURI,
  isInternalURL,
 };