From fca6a75ee4dba03a98a3f07bfacd084f924156e1 Mon Sep 17 00:00:00 2001
From: ChristophKaser
Date: Fri, 10 Dec 2021 11:30:10 +0100
Subject: [PATCH] [GH-1635] don't validate custom protocol URLs (#1889)
* don't validate custom protocol URLs
* added unit tests for invalid URLs with custom protocols
---
 src/main/views/webContentEvents.test.js | 7 ++++++-
 src/main/views/webContentEvents.ts | 10 +++++-----
 2 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/src/main/views/webContentEvents.test.js b/src/main/views/webContentEvents.test.js
index 08565194..6bbf64ec 100644
--- a/src/main/views/webContentEvents.test.js
+++ b/src/main/views/webContentEvents.test.js
@@ -185,7 +185,7 @@ describe('main/views/webContentsEvents', () => {
 it('should deny invalid URI', () => {
 urlUtils.isValidURI.mockReturnValue(false);
- expect(newWindow({url: 'baduri::'})).toStrictEqual({action: 'deny'});
+ expect(newWindow({url: 'http::'})).toStrictEqual({action: 'deny'});
 });
 it('should divert to allowProtocolDialog for custom protocols that are not mattermost or http', () => {
@@ -193,6 +193,11 @@ describe('main/views/webContentsEvents', () => {
 expect(allowProtocolDialog.handleDialogEvent).toBeCalledWith('spotify:', 'spotify:album:2OZbaW9tgO62ndm375lFZr');
 });
+ it('should divert to allowProtocolDialog for invalid URIs with custom protocols', () => {
+ expect(newWindow({url: 'customproto:test\\data'})).toStrictEqual({action: 'deny'});
+ expect(allowProtocolDialog.handleDialogEvent).toBeCalledWith('customproto:', 'customproto:test\\data');
+ });
+
 it('should open in the browser when there is no server matching', () => {
 urlUtils.getView.mockReturnValue(null);
 expect(newWindow({url: 'http://server-2.com/subpath'})).toStrictEqual({action: 'deny'});
diff --git a/src/main/views/webContentEvents.ts b/src/main/views/webContentEvents.ts
index 7db56baa..a15d5838 100644
--- a/src/main/views/webContentEvents.ts
+++ b/src/main/views/webContentEvents.ts
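Review bot: The added test 'should divert to allowProtocolDialog for invalid URIs with custom protocols' never forces `urlUtils.isValidURI` to return false, so on its own it does not prove that validation is skipped for custom protocols. Whether the `false` set in 'should deny invalid URI' carries over depends on mock reset logic that is outside this hunk. Adding `urlUtils.isValidURI.mockReturnValue(false);` as the first line of the test would make it fail if the check order in webContentEvents.ts is ever reverted.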
@@ -112,17 +112,17 @@ export class WebContentsEventManager {
 return {action: 'allow'};
 }
- // Check for valid URL
- if (!urlUtils.isValidURI(details.url)) {
- return {action: 'deny'};
- }
-
 // Check for custom protocol
 if (parsedURL.protocol !== 'http:' && parsedURL.protocol !== 'https:' && parsedURL.protocol !== `${scheme}:`) {
 allowProtocolDialog.handleDialogEvent(parsedURL.protocol, details.url);
 return {action: 'deny'};
 }
+ // Check for valid URL
+ if (!urlUtils.isValidURI(details.url)) {
+ return {action: 'deny'};
+ }
+
 const server = urlUtils.getView(parsedURL, configServers);
 if (!server) {
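Review bot: With the `isValidURI` check moved below the custom-protocol branch, every URL whose scheme is not `http:`, `https:` or `${scheme}:` now reaches `allowProtocolDialog.handleDialogEvent(parsedURL.protocol, details.url)` with no validation of the string at all, so the protocol dialog becomes the only gate for these window-open requests. That is the stated intent of the commit, but the branch should say so, for example `// Custom-protocol URLs are deliberately not run through isValidURI; handleDialogEvent must treat details.url as untrusted`. handleDialogEvent is not visible here; presumably it prompts the user before the URL is handed on, so it is worth confirming that it copes with strings the validator would previously have rejected (the new test uses a backslash) and shows the full URL in the prompt. The enclosing handler starts and ends outside the hunk.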