From bf7ef9c258789ccc20cfd4d069b5708a45dbffba Mon Sep 17 00:00:00 2001 From: legobt <6wbvkn0j@anonaddy.me> Date: Wed, 15 May 2024 22:12:33 +0000 Subject: [PATCH] feat(snaps-utils): Allow overriding allowed protocols in validateLink --- packages/snaps-utils/src/ui.tsx | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/packages/snaps-utils/src/ui.tsx b/packages/snaps-utils/src/ui.tsx index cad94f4d53..6d5fa6b149 100644 --- a/packages/snaps-utils/src/ui.tsx +++ b/packages/snaps-utils/src/ui.tsx @@ -40,7 +40,7 @@ import { lexer, walkTokens } from 'marked'; import type { Token, Tokens } from 'marked'; const MAX_TEXT_LENGTH = 50_000; // 50 kb -const ALLOWED_PROTOCOLS = ['https:', 'mailto:']; +const DEFAULT_ALLOWED_PROTOCOLS = ['https:', 'mailto:']; /** * Get the button variant from a legacy button component variant. @@ -320,16 +320,18 @@ function getMarkdownLinks(text: string) { * @param link - The link to validate. * @param isOnPhishingList - The function that checks the link against the * phishing list. + * @param allowedProtocols - Allowed protocols (example: ['https:']) */ function validateLink( link: string, isOnPhishingList: (url: string) => boolean, + allowedProtocols: string[], ) { try { const url = new URL(link); assert( - ALLOWED_PROTOCOLS.includes(url.protocol), - `Protocol must be one of: ${ALLOWED_PROTOCOLS.join(', ')}.`, + allowedProtocols.includes(url.protocol), + `Protocol must be one of: ${allowedProtocols.join(', ')}.`, ); const hostname = @@ -352,16 +354,18 @@ function validateLink( * @param text - The text to verify. * @param isOnPhishingList - The function that checks the link against the * phishing list. + * @param allowedProtocols - Allowed protocols (example: ['https:']) * @throws If the text contains a link that is not allowed. */ export function validateTextLinks( text: string, isOnPhishingList: (url: string) => boolean, + allowedProtocols: string[] = DEFAULT_ALLOWED_PROTOCOLS, ) { const links = getMarkdownLinks(text); for (const link of links) { - validateLink(link.href, isOnPhishingList); + validateLink(link.href, isOnPhishingList, allowedProtocols); } } @@ -372,17 +376,19 @@ export function validateTextLinks( * @param node - The JSX node to walk. * @param isOnPhishingList - The function that checks the link against the * phishing list. + * @param allowedProtocols - Allowed protocols (example: ['https:']) */ export function validateJsxLinks( node: JSXElement, isOnPhishingList: (url: string) => boolean, + allowedProtocols: string[] = DEFAULT_ALLOWED_PROTOCOLS, ) { walkJsx(node, (childNode) => { if (childNode.type !== 'Link') { return; } - validateLink(childNode.props.href, isOnPhishingList); + validateLink(childNode.props.href, isOnPhishingList, allowedProtocols); }); }