[GH-1635] don't validate custom protocol URLs (#1889)

* don't validate custom protocol URLs

* added unit tests for invalid URLs with custom protocols
ChristophKaser
2021-12-10 11:30:10 +01:00
committed by GitHub
parent 39fbdf45c5
commit fca6a75ee4
2 changed files with 11 additions and 6 deletions


@@ -185,7 +185,7 @@ describe('main/views/webContentsEvents', () => {
it('should deny invalid URI', () => {
urlUtils.isValidURI.mockReturnValue(false);
expect(newWindow({url: 'baduri::'})).toStrictEqual({action: 'deny'});
expect(newWindow({url: 'http::'})).toStrictEqual({action: 'deny'});
});
it('should divert to allowProtocolDialog for custom protocols that are not mattermost or http', () => {
@@ -193,6 +193,11 @@ describe('main/views/webContentsEvents', () => {
expect(allowProtocolDialog.handleDialogEvent).toBeCalledWith('spotify:', 'spotify:album:2OZbaW9tgO62ndm375lFZr');
});
it('should divert to allowProtocolDialog for invalid URIs with custom protocols', () => {
expect(newWindow({url: 'customproto:test\\data'})).toStrictEqual({action: 'deny'});
expect(allowProtocolDialog.handleDialogEvent).toBeCalledWith('customproto:', 'customproto:test\\data');
});
it('should open in the browser when there is no server matching', () => {
urlUtils.getView.mockReturnValue(null);
expect(newWindow({url: 'http://server-2.com/subpath'})).toStrictEqual({action: 'deny'});
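Review bot: The new test 'should divert to allowProtocolDialog for invalid URIs with custom protocols' never sets `urlUtils.isValidURI`, so it would also pass against the old ordering whenever the mock returns a truthy value, and it does not pin the reordering on its own. Making `urlUtils.isValidURI.mockReturnValue(false);` its first line would show that a URL the validator rejects still reaches the dialog. The 'should deny invalid URI' case would also benefit from `expect(allowProtocolDialog.handleDialogEvent).not.toBeCalled();`, assuming mocks are cleared between tests, so that a malformed `http:` URL is shown to be denied without prompting the user.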


@@ -112,17 +112,17 @@ export class WebContentsEventManager {
return {action: 'allow'};
}
// Check for valid URL
if (!urlUtils.isValidURI(details.url)) {
return {action: 'deny'};
}
// Check for custom protocol
if (parsedURL.protocol !== 'http:' && parsedURL.protocol !== 'https:' && parsedURL.protocol !== `${scheme}:`) {
allowProtocolDialog.handleDialogEvent(parsedURL.protocol, details.url);
return {action: 'deny'};
}
// Check for valid URL
if (!urlUtils.isValidURI(details.url)) {
return {action: 'deny'};
}
const server = urlUtils.getView(parsedURL, configServers);
if (!server) {
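Review bot: After the reordering, the raw `details.url` of any non-http(s), non-app scheme is passed to `allowProtocolDialog.handleDialogEvent` without going through `urlUtils.isValidURI`, and nothing at the custom-protocol branch records that this is deliberate. What the dialog does with the string is not visible in this hunk; if it ends up handing it to the OS protocol handler, that code becomes the only place where page-controlled input is checked. I would add a comment above the branch such as `// Custom-protocol URLs intentionally skip isValidURI (GH-1635); handleDialogEvent must treat details.url as untrusted.` and confirm that the dialog shows the full URL to the user and refuses schemes that should never be opened externally. The enclosing handler starts before and continues after this hunk.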