Skip to content

Commit bf7ef9c

Browse files
legobeatlegobeat
committed
feat(snaps-utils): Allow overriding allowed protocols in validateLink
1 parent 8df9a32 commit bf7ef9c

File tree

1 file changed

+11
-5
lines changed
  • packages/snaps-utils/src

1 file changed

+11
-5
lines changed

packages/snaps-utils/src/ui.tsx

Lines changed: 11 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ import { lexer, walkTokens } from 'marked';
4040
import type { Token, Tokens } from 'marked';
4141

4242
const MAX_TEXT_LENGTH = 50_000; // 50 kb
43-
const ALLOWED_PROTOCOLS = ['https:', 'mailto:'];
43+
const DEFAULT_ALLOWED_PROTOCOLS = ['https:', 'mailto:'];
4444

4545
/**
4646
* Get the button variant from a legacy button component variant.
@@ -320,16 +320,18 @@ function getMarkdownLinks(text: string) {
320320
* @param link - The link to validate.
321321
* @param isOnPhishingList - The function that checks the link against the
322322
* phishing list.
323+
* @param allowedProtocols - Allowed protocols (example: ['https:'])
323324
*/
324325
function validateLink(
325326
link: string,
326327
isOnPhishingList: (url: string) => boolean,
328+
allowedProtocols: string[],
327329
) {
328330
try {
329331
const url = new URL(link);
330332
assert(
331-
ALLOWED_PROTOCOLS.includes(url.protocol),
332-
`Protocol must be one of: ${ALLOWED_PROTOCOLS.join(', ')}.`,
333+
allowedProtocols.includes(url.protocol),
334+
`Protocol must be one of: ${allowedProtocols.join(', ')}.`,
333335
);
334336

335337
const hostname =
@@ -352,16 +354,18 @@ function validateLink(
352354
* @param text - The text to verify.
353355
* @param isOnPhishingList - The function that checks the link against the
354356
* phishing list.
357+
* @param allowedProtocols - Allowed protocols (example: ['https:'])
355358
* @throws If the text contains a link that is not allowed.
356359
*/
357360
export function validateTextLinks(
358361
text: string,
359362
isOnPhishingList: (url: string) => boolean,
363+
allowedProtocols: string[] = DEFAULT_ALLOWED_PROTOCOLS,
360364
) {
361365
const links = getMarkdownLinks(text);
362366

363367
for (const link of links) {
364-
validateLink(link.href, isOnPhishingList);
368+
validateLink(link.href, isOnPhishingList, allowedProtocols);
365369
}
366370
}
367371

@@ -372,17 +376,19 @@ export function validateTextLinks(
372376
* @param node - The JSX node to walk.
373377
* @param isOnPhishingList - The function that checks the link against the
374378
* phishing list.
379+
* @param allowedProtocols - Allowed protocols (example: ['https:'])
375380
*/
376381
export function validateJsxLinks(
377382
node: JSXElement,
378383
isOnPhishingList: (url: string) => boolean,
384+
allowedProtocols: string[] = DEFAULT_ALLOWED_PROTOCOLS,
379385
) {
380386
walkJsx(node, (childNode) => {
381387
if (childNode.type !== 'Link') {
382388
return;
383389
}
384390

385-
validateLink(childNode.props.href, isOnPhishingList);
391+
validateLink(childNode.props.href, isOnPhishingList, allowedProtocols);
386392
});
387393
}
388394

0 commit comments

Comments
 (0)