Only process signal domain links if they have hash/path/query
This commit is contained in:
Scott Nonnenberg
GitHub
parent
5e9f3d5171
commit
450051e541
|
|
@ -121,16 +121,32 @@ describe('sgnlHref', () => {
|
|||
});
|
||||
|
||||
it('returns false if the protocol is not "https:"', () => {
|
||||
assert.isFalse(isSignalHttpsLink('sgnl://signal.art', explodingLogger));
|
||||
assert.isFalse(
|
||||
isSignalHttpsLink(
|
||||
'sgnl://signal.art/addstickers/?pack_id=abc',
|
||||
'sgnl://signal.art/#pack_id=234234&pack_key=342342',
|
||||
explodingLogger
|
||||
)
|
||||
);
|
||||
assert.isFalse(
|
||||
isSignalHttpsLink('signal://signal.group', explodingLogger)
|
||||
isSignalHttpsLink(
|
||||
'sgnl://signal.art/addstickers/#pack_id=234234&pack_key=342342',
|
||||
explodingLogger
|
||||
)
|
||||
);
|
||||
assert.isFalse(
|
||||
isSignalHttpsLink(
|
||||
'signal://signal.group/#AD234Dq342dSDJWE',
|
||||
explodingLogger
|
||||
)
|
||||
);
|
||||
});
|
||||
|
||||
it('returns false if missing path/hash/query', () => {
|
||||
assert.isFalse(
|
||||
isSignalHttpsLink('https://signal.group/', explodingLogger)
|
||||
);
|
||||
assert.isFalse(isSignalHttpsLink('https://signal.art/', explodingLogger));
|
||||
assert.isFalse(isSignalHttpsLink('https://signal.me/', explodingLogger));
|
||||
});
|
||||
|
||||
it('returns false if the URL is not a valid Signal URL', () => {
|
||||
|
|
@ -139,10 +155,39 @@ describe('sgnlHref', () => {
|
|||
});
|
||||
|
||||
it('returns true if the protocol is "https:"', () => {
|
||||
assert.isTrue(isSignalHttpsLink('https://signal.group', explodingLogger));
|
||||
assert.isTrue(isSignalHttpsLink('https://signal.art', explodingLogger));
|
||||
assert.isTrue(isSignalHttpsLink('HTTPS://signal.art', explodingLogger));
|
||||
assert.isTrue(isSignalHttpsLink('https://signal.me', explodingLogger));
|
||||
assert.isTrue(
|
||||
isSignalHttpsLink(
|
||||
'https://signal.group/#AD234Dq342dSDJWE',
|
||||
explodingLogger
|
||||
)
|
||||
);
|
||||
assert.isTrue(
|
||||
isSignalHttpsLink(
|
||||
'https://signal.group/AD234Dq342dSDJWE',
|
||||
explodingLogger
|
||||
)
|
||||
);
|
||||
assert.isTrue(
|
||||
isSignalHttpsLink(
|
||||
'https://signal.group/?AD234Dq342dSDJWE',
|
||||
explodingLogger
|
||||
)
|
||||
);
|
||||
assert.isTrue(
|
||||
isSignalHttpsLink(
|
||||
'https://signal.art/addstickers/#pack_id=234234&pack_key=342342',
|
||||
explodingLogger
|
||||
)
|
||||
);
|
||||
assert.isTrue(
|
||||
isSignalHttpsLink(
|
||||
'HTTPS://signal.art/addstickers/#pack_id=234234&pack_key=342342',
|
||||
explodingLogger
|
||||
)
|
||||
);
|
||||
assert.isTrue(
|
||||
isSignalHttpsLink('https://signal.me/#p/+32423432', explodingLogger)
|
||||
);
|
||||
});
|
||||
|
||||
it('returns false if username or password are set', () => {
|
||||
|
|
@ -153,14 +198,17 @@ describe('sgnlHref', () => {
|
|||
|
||||
it('returns false if port is set', () => {
|
||||
assert.isFalse(
|
||||
isSignalHttpsLink('https://signal.group:1234', explodingLogger)
|
||||
isSignalHttpsLink(
|
||||
'https://signal.group:1234/#AD234Dq342dSDJWE',
|
||||
explodingLogger
|
||||
)
|
||||
);
|
||||
});
|
||||
|
||||
it('accepts URL objects', () => {
|
||||
const invalid = new URL('sgnl://example.com');
|
||||
assert.isFalse(isSignalHttpsLink(invalid, explodingLogger));
|
||||
const valid = new URL('https://signal.art');
|
||||
const valid = new URL('https://signal.art/#AD234Dq342dSDJWE');
|
||||
assert.isTrue(isSignalHttpsLink(valid, explodingLogger));
|
||||
});
|
||||
});
|
||||
|
|
|
|||
|
|
@ -34,6 +34,8 @@ export function isCaptchaHref(
|
|||
return Boolean(url?.protocol === 'signalcaptcha:');
|
||||
}
|
||||
|
||||
// A link to a signal 'action' domain with private data in path/hash/query. We could
|
||||
// open a browser, but it will just link back to us. We will parse it locally instead.
|
||||
export function isSignalHttpsLink(
|
||||
value: string | URL,
|
||||
logger: LoggerType
|
||||
|
|
@ -45,7 +47,8 @@ export function isSignalHttpsLink(
|
|||
!url.password &&
|
||||
!url.port &&
|
||||
url.protocol === 'https:' &&
|
||||
SIGNAL_HOSTS.has(url.host)
|
||||
SIGNAL_HOSTS.has(url.host) &&
|
||||
(url.hash || url.pathname !== '/' || url.search)
|
||||
);
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue