mirrors/barkey
1
0
Fork 0
mirror of https://codeberg.org/yeentown/barkey.git synced 2025-11-04 15:34:13 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

use the whole hostname to check remote links - fixes #866

Browse source 
the warning dialog's "trust this domain" toggle saves the whole
hostname, so this code needs to use the whole hostname

otherwise trusting a `www.example.com` will never work, because we'd
be checking `example.com` against it, and fail

while I was there, I also made the `trustedLinkUrlPatterns` correctly
match sub-domains: previously, trusting `ple.com` would trust
`example.com`
This commit is contained in:
dakkar 2025-01-02 10:03:16 +00:00
parent 565c987744
commit ac0c6841aa
1 changed files with 15 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
packages/frontend/src/scripts/warning-external-website.ts
View file

@ -8,13 +8,21 @@ import { defaultStore } from '@/store.js';
import * as os from '@/os.js'; import * as os from '@/os.js';
import MkUrlWarningDialog from '@/components/MkUrlWarningDialog.vue'; import MkUrlWarningDialog from '@/components/MkUrlWarningDialog.vue';
const extractDomain = /^(https?:\/\/|\/\/)?([^@/\s]+@)?(www\.)?([^:/\s]+)/i;
const isRegExp = /^\/(.+)\/(.*)$/; const isRegExp = /^\/(.+)\/(.*)$/;
export async function warningExternalWebsite(url: string) { function extractHostname(maybeUrl: string): URL | null {
const domain = extractDomain.exec(url)?.[4]; try {
const url = new URL(maybeUrl);
return url.host;
} catch {
return null;
}
}
if (!domain) return false; export async function warningExternalWebsite(url: string) {
const hostname = extractHostname(url);
if (!hostname) return false;
const isTrustedByInstance = instance.trustedLinkUrlPatterns.some(expression => { const isTrustedByInstance = instance.trustedLinkUrlPatterns.some(expression => {
const r = isRegExp.exec(expression); const r = isRegExp.exec(expression);
@ -24,11 +32,11 @@ export async function warningExternalWebsite(url: string) {
} else if (expression.includes(' ')) { } else if (expression.includes(' ')) {
return expression.split(' ').every(keyword => url.includes(keyword)); return expression.split(' ').every(keyword => url.includes(keyword));
} else { } else {
return domain.endsWith(expression); return `.${hostname}`.endsWith(`.${expression}`);
} }
}); });
const isTrustedByUser = defaultStore.reactiveState.trustedDomains.value.includes(domain); const isTrustedByUser = defaultStore.reactiveState.trustedDomains.value.includes(hostname);
const isDisabledByUser = !defaultStore.reactiveState.warnExternalUrl.value; const isDisabledByUser = !defaultStore.reactiveState.warnExternalUrl.value;
if (!isTrustedByInstance && !isTrustedByUser && !isDisabledByUser) { if (!isTrustedByInstance && !isTrustedByUser && !isDisabledByUser) {
@ -44,7 +52,7 @@ export async function warningExternalWebsite(url: string) {
}); });
if (confirm.canceled) return false; if (confirm.canceled) return false;
return window.open(url, '_blank', 'nofollow noopener popup=false'); return window.open(url, '_blank', 'nofollow noopener popup=false');
} }