From efd56d7ac3b75bef03ae3464708c56fa34675087 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Guillermo=20Vay=C3=A1?= <guivaya@gmail.com>
Date: Fri, 13 Dec 2019 16:20:10 +0100
Subject: [PATCH] [MM-21075] Prevent known teams to open in a new app window
 (#1130)

* [MM-21075] prevent known teams to open a new
window

* improve naming

* allow anything that is not a team to open a window
---
 src/main.js | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/main.js b/src/main.js
index 8b2a0965..1dcd7736 100644
--- a/src/main.js
+++ b/src/main.js
@@ -432,6 +432,10 @@ function handleAppWebContentsCreated(dc, contents) {
       log.info(`Untrusted popup window blocked: ${url}`);
       return;
     }
+    if (isTeamUrl(url) === true) {
+      log.info(`${url} is a known team, preventing to open a new window`);
+      return;
+    }
     if (popupWindow && popupWindow.getURL() === url) {
       log.info(`Popup window already open at provided url: ${url}`);
       return;
@@ -852,6 +856,18 @@ function parseURL(url) {
   }
 }
 
+function isTeamUrl(url) {
+  const parsedURL = parseURL(url);
+  if (!parsedURL) {
+    return null;
+  }
+  if (isCustomLoginURL(parsedURL)) {
+    return false;
+  }
+  const nonTeamUrlPaths = ['plugins', 'signup', 'login', 'admin', 'channel', 'post', 'api', 'oauth'];
+  return !(nonTeamUrlPaths.some((testPath) => parsedURL.pathname.toLowerCase().startsWith(`/${testPath}/`)));
+}
+
 function isTrustedURL(url) {
   const parsedURL = parseURL(url);
   if (!parsedURL) {