Support file:/// links #131

Open
wants to merge 3 commits into
base: master
1 change: 1 addition & 0 deletions docs/CHANGELOG.md
Expand Up @@ -6,6 +6,7 @@ Changelog
- Enh #116: CodeMirror - Leave editor with Arrow/Up Down
- Enh #115: Headline Anchor - Change Icon
- Fix #122: Cannot copy & paste Codeblock
- Enh #131: Support `file:///` links

2.0.2 (July 28, 2023)
---------------------
1 change: 1 addition & 0 deletions src/editor/core/util/linkUtil.js
Expand Up @@ -6,6 +6,7 @@ export function validateHref(href, cfg) {
return /^https?:\/\//i.test(href) //http:/https:
|| /^mailto:/i.test(href) //mailto:
|| /^ftps?:\/\//i.test(href) //ftp:/ftps:
|| /^file:\/\/\//i.test(href) //file:///
|| (cfg.anchor && validateAnchor(href)) //anchor
|| (cfg.relative && validateRelative(href)); //relative
}
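Review bot: The new `file:///` alternative in `validateHref` is unconditional, while the anchor and relative alternatives directly below it are gated on `cfg.anchor` and `cfg.relative`, so every editor instance accepts file links with no way to opt out. Consider gating it the same way, for example `|| (cfg.file && /^file:\/\/\//i.test(href))`, where `cfg.file` is a suggested option name that does not exist yet. The pattern also accepts only the empty-host, triple-slash form; saying so in the trailing comment would keep a rejected `file://host/...` link from being read as a bug.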
4 changes: 4 additions & 0 deletions src/editor/markdown/renderer.js
Expand Up @@ -21,6 +21,10 @@ const getRenderer = (context) => {
const createRenderer = (context) => {
const markdownItOptions = context && context.options.markdownIt || {html: false, breaks: true, linkify: true};
const renderer = markdownit(markdownItOptions);
renderer.validateLink = function (url) {
const BAD_PROTOCOL_REGEXP = /^(vbscript|javascript|data):/;
Contributor

@yurabakhtin I would prefer to explicitly whitelist individual protocols instead of blacklisting individual ones. Would that be possible?

Ideally there would be a configuration point where linkUtil and renderer can access the allowed protocols?

Contributor Author

@luke- Yes, we can modify the regexp as we need, I just did it almost like the original method:

```js
var BAD_PROTO_RE = /^(vbscript|javascript|file|data):/;
var GOOD_DATA_RE = /^data:image\/(gif|png|jpeg|webp);/;

function validateLink(url) {
  // url should be normalized at this point, and existing entities are decoded
  var str = url.trim().toLowerCase();

  return BAD_PROTO_RE.test(str) ? (GOOD_DATA_RE.test(str) ? true : false) : true;
}
```

I understand that this task is delayed at the moment, so please let me know when I should continue here.

return !BAD_PROTOCOL_REGEXP.test(url.trim().toLowerCase());
}

const plugins = getPlugins(context);
plugins.forEach((plugin) => {
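Review bot: `BAD_PROTOCOL_REGEXP` in the new `renderer.validateLink` is a denylist, so every scheme other than vbscript, javascript and data passes, whereas `validateHref` in linkUtil.js accepts only an explicit set of protocols; the two checks will disagree on any scheme that neither list names. Suggest deriving this check from the same allowed-protocol list that `validateHref` uses, so there is one place to change. Also note that the original method quoted in the review thread lets `data:image/...` URLs through via `GOOD_DATA_RE`, while this override rejects every `data:` URL; if that is intended, a comment on the regexp saying so would help.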
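The allowlist requested in the review comment above, sketched as an added example (not code from the pull request or the project): one shared list, hypothetically named `ALLOWED_PROTOCOLS`, feeds a validator that could be assigned to `renderer.validateLink`, and is compared with the denylist from the hunk on constructed sample links. All function names here are assumptions.

```javascript
// Added example, not code from the pull request.
// ALLOWED_PROTOCOLS and all function names are hypothetical.
const ALLOWED_PROTOCOLS = ['http', 'https', 'mailto', 'ftp', 'ftps', 'file'];

// Denylist check as it appears in the renderer.js hunk.
function denylistValidateLink(url) {
    const BAD_PROTOCOL_REGEXP = /^(vbscript|javascript|data):/;
    return !BAD_PROTOCOL_REGEXP.test(url.trim().toLowerCase());
}

// Lower-cased scheme of a link, or null for scheme-less links (anchors,
// relative paths). Whitespace and control characters are dropped first,
// because browsers ignore tabs and newlines when parsing a URL.
function getScheme(url) {
    const cleaned = String(url).replace(/[\u0000-\u0020\u007f]+/g, '');
    const match = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
    return match ? match[1].toLowerCase() : null;
}

// Allowlist check built from one shared list. Scheme-less links pass here
// and stay subject to the anchor/relative checks in validateHref.
function createLinkValidator(allowed = ALLOWED_PROTOCOLS) {
    const allowedSet = new Set(allowed.map((p) => p.toLowerCase()));
    return (url) => {
        const scheme = getScheme(url);
        return scheme === null || allowedSet.has(scheme);
    };
}

// Constructed sample links, not taken from the page.
const SAMPLES = [
    'https://example.org/doc',
    'file:///srv/share/readme.txt',
    '#section-2',
    'docs/page.md',
    ' JavaScript:void(0)',
    'data:image/png;base64,AAAA',
    'customapp://open?item=1', // a scheme neither list mentions
];

// Samples on which the denylist and the allowlist give different answers.
function disagreements(samples = SAMPLES, allowed = ALLOWED_PROTOCOLS) {
    const allowlistValidateLink = createLinkValidator(allowed);
    return samples.filter((u) => denylistValidateLink(u) !== allowlistValidateLink(u));
}

console.log(disagreements());
```

The two policies differ only on the scheme that neither list names: the denylist accepts it and the allowlist rejects it.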