Skip to content

Commit

Permalink
feat(snaps-utils): Allow overriding allowed protocols in validateLink
Browse files Browse the repository at this point in the history
  • Loading branch information
legobeat committed May 15, 2024
1 parent 8df9a32 commit bf7ef9c
Showing 1 changed file with 11 additions and 5 deletions.
16 changes: 11 additions & 5 deletions packages/snaps-utils/src/ui.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ import { lexer, walkTokens } from 'marked';
import type { Token, Tokens } from 'marked';

const MAX_TEXT_LENGTH = 50_000; // 50 kb
const ALLOWED_PROTOCOLS = ['https:', 'mailto:'];
const DEFAULT_ALLOWED_PROTOCOLS = ['https:', 'mailto:'];

/**
* Get the button variant from a legacy button component variant.
Expand Down Expand Up @@ -320,16 +320,18 @@ function getMarkdownLinks(text: string) {
* @param link - The link to validate.
* @param isOnPhishingList - The function that checks the link against the
* phishing list.
* @param allowedProtocols - Allowed protocols (example: ['https:'])

Check failure on line 323 in packages/snaps-utils/src/ui.tsx

View workflow job for this annotation

GitHub Actions / Build, lint, and test / Lint (@metamask/snaps-utils)

JSDoc description does not satisfy the regex pattern
*/
function validateLink(
link: string,
isOnPhishingList: (url: string) => boolean,
allowedProtocols: string[],
) {
try {
const url = new URL(link);
assert(
ALLOWED_PROTOCOLS.includes(url.protocol),
`Protocol must be one of: ${ALLOWED_PROTOCOLS.join(', ')}.`,
allowedProtocols.includes(url.protocol),
`Protocol must be one of: ${allowedProtocols.join(', ')}.`,
);

const hostname =
Expand All @@ -352,16 +354,18 @@ function validateLink(
* @param text - The text to verify.
* @param isOnPhishingList - The function that checks the link against the
* phishing list.
* @param allowedProtocols - Allowed protocols (example: ['https:'])

Check failure on line 357 in packages/snaps-utils/src/ui.tsx

View workflow job for this annotation

GitHub Actions / Build, lint, and test / Lint (@metamask/snaps-utils)

JSDoc description does not satisfy the regex pattern
* @throws If the text contains a link that is not allowed.
*/
export function validateTextLinks(
text: string,
isOnPhishingList: (url: string) => boolean,
allowedProtocols: string[] = DEFAULT_ALLOWED_PROTOCOLS,
) {
const links = getMarkdownLinks(text);

for (const link of links) {
validateLink(link.href, isOnPhishingList);
validateLink(link.href, isOnPhishingList, allowedProtocols);
}
}

Expand All @@ -372,17 +376,19 @@ export function validateTextLinks(
* @param node - The JSX node to walk.
* @param isOnPhishingList - The function that checks the link against the
* phishing list.
* @param allowedProtocols - Allowed protocols (example: ['https:'])

Check failure on line 379 in packages/snaps-utils/src/ui.tsx

View workflow job for this annotation

GitHub Actions / Build, lint, and test / Lint (@metamask/snaps-utils)

JSDoc description does not satisfy the regex pattern
*/
export function validateJsxLinks(
node: JSXElement,
isOnPhishingList: (url: string) => boolean,
allowedProtocols: string[] = DEFAULT_ALLOWED_PROTOCOLS,
) {
walkJsx(node, (childNode) => {
if (childNode.type !== 'Link') {
return;
}

validateLink(childNode.props.href, isOnPhishingList);
validateLink(childNode.props.href, isOnPhishingList, allowedProtocols);
});
}

Expand Down

0 comments on commit bf7ef9c

Please sign in to comment.