Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support file:/// links #131

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Support file:/// links #131

wants to merge 3 commits into from

Conversation

yurabakhtin
Copy link
Contributor

@yurabakhtin yurabakhtin requested a review from luke- December 8, 2023 14:38
luke-
luke- requested changes Dec 8, 2023
View reviewed changes
src/editor/markdown/renderer.js
@@ -21,6 +21,10 @@ const getRenderer = (context) => {
const createRenderer = (context) => {
const markdownItOptions = context && context.options.markdownIt || {html: false, breaks: true, linkify: true};
const renderer = markdownit(markdownItOptions);
renderer.validateLink = function (url) {
const BAD_PROTOCOL_REGEXP = /^(vbscript|javascript|data):/;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@yurabakhtin I would prefer to explicitly whitelist individual protocols instead of blacklisting individual ones. Would that be possible?

Ideally there would be a configuration point where linkUtil and renderer can access the allowed protocols?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@luke- Yes, we can modify the regexp as we need, I just did that almost like original method:

var BAD_PROTO_RE = /^(vbscript|javascript|file|data):/;
var GOOD_DATA_RE = /^data:image\/(gif|png|jpeg|webp);/;

function validateLink(url) {
  // url should be normalized at this point, and existing entities are decoded
  var str = url.trim().toLowerCase();

  return BAD_PROTO_RE.test(str) ? (GOOD_DATA_RE.test(str) ? true : false) : true;
}

I have understood this task is delayed at this moment, so please let me know when I should continue here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@luke- luke- luke- requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@yurabakhtin @luke-