authorPaul Frazee <pfrazee@gmail.com>2023-04-15 09:24:03 -0700
committerGitHub <noreply@github.com>2023-04-15 09:24:03 -0700
commita79dcd3d3890b2b705cb1e687cf0f31e109fbf74 (patch)
treeeb4389185ec18afa12db5154d134f9b0004ba5e1
parenta6634ec45d24889d07ed8243b2c7cdc98ac6a115 (diff)
downloadvoidsky-a79dcd3d3890b2b705cb1e687cf0f31e109fbf74.tar.zst
Fix: sanitize URLs before placing them on the page (#488)
-rw-r--r--package.json1
-rw-r--r--src/view/com/util/Link.tsx11
-rw-r--r--yarn.lock5
3 files changed, 12 insertions, 5 deletions
diff --git a/package.json b/package.json
index f6a71f76c..1e1a3442e 100644
--- a/package.json
+++ b/package.json
@@ -23,6 +23,7 @@
   "dependencies": {
     "@atproto/api": "0.2.7",
     "@bam.tech/react-native-image-resizer": "^3.0.4",
+    "@braintree/sanitize-url": "^6.0.2",
     "@expo/webpack-config": "^18.0.1",
     "@fortawesome/fontawesome-svg-core": "^6.1.1",
     "@fortawesome/free-regular-svg-icons": "^6.1.1",
diff --git a/src/view/com/util/Link.tsx b/src/view/com/util/Link.tsx
index 5215a0231..5110acf48 100644
--- a/src/view/com/util/Link.tsx
+++ b/src/view/com/util/Link.tsx
@@ -23,6 +23,7 @@ import {router} from '../../../routes'
 import {useStores, RootStoreModel} from 'state/index'
 import {convertBskyAppUrlIfNeeded} from 'lib/strings/url-helpers'
 import {isDesktopWeb} from 'platform/detection'
+import {sanitizeUrl} from '@braintree/sanitize-url'
 
 type Event =
   | React.MouseEvent<HTMLAnchorElement, MouseEvent>
@@ -51,7 +52,7 @@ export const Link = observer(function Link({
   const onPress = React.useCallback(
     (e?: Event) => {
       if (typeof href === 'string') {
-        return onPressInner(store, navigation, href, e)
+        return onPressInner(store, navigation, sanitizeUrl(href), e)
       }
     },
     [store, navigation, href],
@@ -63,7 +64,7 @@ export const Link = observer(function Link({
         testID={testID}
         onPress={onPress}
         // @ts-ignore web only -prf
-        href={asAnchor ? href : undefined}>
+        href={asAnchor ? sanitizeUrl(href) : undefined}>
         <View style={style}>
           {children ? children : <Text>{title || 'link'}</Text>}
         </View>
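Review bot: The anchor `href` on line 55 passes `href` through `sanitizeUrl` unconditionally, while the `onPress` handler in the previous hunk only sanitizes when `typeof href === 'string'`; if `href` can be a non-string value (as that guard suggests), `sanitizeUrl` receives it unguarded here and again in the TouchableOpacity hunk below. Computing the safe value once near the top of `Link`, e.g. `const safeHref = typeof href === 'string' ? sanitizeUrl(href) : href`, and using `safeHref` in `onPressInner` and both `href={asAnchor ? safeHref : undefined}` attributes would keep the guard consistent and avoid repeating the call (the same applies to the two `sanitizeUrl(href)` calls in the `TextLink` hunk). It would also help to note on that line that, if I recall the library correctly, `sanitizeUrl` replaces disallowed schemes with `about:blank` rather than rejecting them, so a blocked link silently becomes a no-op navigation; a reader of this line cannot tell whether that is intended. `Link`'s body begins and ends outside this hunk.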
@@ -76,7 +77,7 @@ export const Link = observer(function Link({
       style={style}
       onPress={onPress}
       // @ts-ignore web only -prf
-      href={asAnchor ? href : undefined}>
+      href={asAnchor ? sanitizeUrl(href) : undefined}>
       {children ? children : <Text>{title || 'link'}</Text>}
     </TouchableOpacity>
   )
@@ -101,13 +102,13 @@ export const TextLink = observer(function TextLink({
   lineHeight?: number
   dataSet?: any
 }) {
-  const {...props} = useLinkProps({to: href})
+  const {...props} = useLinkProps({to: sanitizeUrl(href)})
   const store = useStores()
   const navigation = useNavigation<NavigationProp>()
 
   props.onPress = React.useCallback(
     (e?: Event) => {
-      return onPressInner(store, navigation, href, e)
+      return onPressInner(store, navigation, sanitizeUrl(href), e)
     },
     [store, navigation, href],
   )
diff --git a/yarn.lock b/yarn.lock
index 01dc5f876..5a014ff1b 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1326,6 +1326,11 @@
   resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39"
   integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==
 
+"@braintree/sanitize-url@^6.0.2":
+  version "6.0.2"
+  resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-6.0.2.tgz#6110f918d273fe2af8ea1c4398a88774bb9fc12f"
+  integrity sha512-Tbsj02wXCbqGmzdnXNk0SOF19ChhRU70BsroIi4Pm6Ehp56in6vch94mfbdQ17DozxkL3BAVjbZ4Qc1a0HFRAg==
+
 "@cspotcode/source-map-support@^0.8.0":
   version "0.8.1"
   resolved "https://registry.yarnpkg.com/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz#00629c35a688e05a88b1cda684fb9d5e73f000a1"