Added mailto protocol to safe list

This commit is contained in:
Ariel Fuggini 2020-05-07 12:35:15 -05:00 committed by JC Brand
parent efb486511c
commit c70a256eb1
2 changed files with 7 additions and 1 deletions

View File

@ -218,6 +218,9 @@ describe("XSS", function () {
}, {
entered: 'WWW.SOMETHING.COM/?x=dKasdDAsd4JAsd3OAJSD23osajAidj',
href: 'http://WWW.SOMETHING.COM/?x=dKasdDAsd4JAsd3OAJSD23osajAidj',
}, {
entered: 'mailto:test@mail.org',
href: 'mailto:test@mail.org',
}];
function checkNonParsedURL (url) {
@ -259,6 +262,9 @@ describe("XSS", function () {
await mock.sendMessage(view, good_urls[4].entered);
checkParsedURL(good_urls[4]);
await mock.sendMessage(view, good_urls[5].entered);
checkParsedURL(good_urls[5]);
done();
}));
});

View File

@ -22,7 +22,7 @@ import tpl_video from "../templates/video.js";
import u from "../headless/utils/core";
const URL_REGEX = /\b(https?\:\/\/|www\.|https?:\/\/www\.)[^\s<>]{2,200}\b\/?/g;
const APPROVED_URL_PROTOCOLS = ['http', 'https', 'xmpp'];
const APPROVED_URL_PROTOCOLS = ['http', 'https', 'xmpp', 'mailto'];
function getAutoCompleteProperty (name, options) {
return {