diff options
| author | Paul Frazee <pfrazee@gmail.com> | 2023-04-15 09:24:03 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-04-15 09:24:03 -0700 |
| commit | a79dcd3d3890b2b705cb1e687cf0f31e109fbf74 (patch) | |
| tree | eb4389185ec18afa12db5154d134f9b0004ba5e1 /src | |
| parent | a6634ec45d24889d07ed8243b2c7cdc98ac6a115 (diff) | |
| download | voidsky-a79dcd3d3890b2b705cb1e687cf0f31e109fbf74.tar.zst | |
Fix: sanitize URLs before placing them on the page (#488)
Diffstat (limited to 'src')
| -rw-r--r-- | src/view/com/util/Link.tsx | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/src/view/com/util/Link.tsx b/src/view/com/util/Link.tsx index 5215a0231..5110acf48 100644 --- a/src/view/com/util/Link.tsx +++ b/src/view/com/util/Link.tsx @@ -23,6 +23,7 @@ import {router} from '../../../routes' import {useStores, RootStoreModel} from 'state/index' import {convertBskyAppUrlIfNeeded} from 'lib/strings/url-helpers' import {isDesktopWeb} from 'platform/detection' +import {sanitizeUrl} from '@braintree/sanitize-url' type Event = | React.MouseEvent<HTMLAnchorElement, MouseEvent> @@ -51,7 +52,7 @@ export const Link = observer(function Link({ const onPress = React.useCallback( (e?: Event) => { if (typeof href === 'string') { - return onPressInner(store, navigation, href, e) + return onPressInner(store, navigation, sanitizeUrl(href), e) } }, [store, navigation, href], @@ -63,7 +64,7 @@ export const Link = observer(function Link({ testID={testID} onPress={onPress} // @ts-ignore web only -prf - href={asAnchor ? href : undefined}> + href={asAnchor ? sanitizeUrl(href) : undefined}> <View style={style}> {children ? children : <Text>{title || 'link'}</Text>} </View> @@ -76,7 +77,7 @@ export const Link = observer(function Link({ style={style} onPress={onPress} // @ts-ignore web only -prf - href={asAnchor ? href : undefined}> + href={asAnchor ? sanitizeUrl(href) : undefined}> {children ? children : <Text>{title || 'link'}</Text>} </TouchableOpacity> ) @@ -101,13 +102,13 @@ export const TextLink = observer(function TextLink({ lineHeight?: number dataSet?: any }) { - const {...props} = useLinkProps({to: href}) + const {...props} = useLinkProps({to: sanitizeUrl(href)}) const store = useStores() const navigation = useNavigation<NavigationProp>() props.onPress = React.useCallback( (e?: Event) => { - return onPressInner(store, navigation, href, e) + return onPressInner(store, navigation, sanitizeUrl(href), e) }, [store, navigation, href], ) |