loleaflet/Makefile.am | 3 ++- loleaflet/archived-packages/@braintree/sanitize-url-3.0.0-a0ce629d1.tar |binary loleaflet/package.json | 4 ++++ loleaflet/src/control/Control.AlertDialog.js | 8 ++++---- 4 files changed, 10 insertions(+), 5 deletions(-)
New commits: commit 0821940ae7a52e3479e31fd273701524dcf9d15e Author: Alexandru Vlăduţu <alexandru.vlad...@1and1.ro> AuthorDate: Tue Apr 2 09:24:18 2019 +0300 Commit: Szymon Kłos <szymon.k...@collabora.com> CommitDate: Tue Apr 2 14:45:13 2019 +0200 loleaflet: check document hyperlink before open Change-Id: Ie2b1ba8baf49136fa805ab5b3a52f7b7fb5827df Reviewed-on: https://gerrit.libreoffice.org/70113 Reviewed-by: Samuel Mehrbrodt <samuel.mehrbr...@cib.de> Reviewed-by: Szymon Kłos <szymon.k...@collabora.com> Tested-by: Szymon Kłos <szymon.k...@collabora.com>
diff --git a/loleaflet/Makefile.am b/loleaflet/Makefile.am
index 7adbd48c6..b3e084148 100644
--- a/loleaflet/Makefile.am
+++ b/loleaflet/Makefile.am
@@ -97,7 +97,8 @@ NODE_MODULES_JS =\
 node_modules/json-js/json2.js \
 node_modules/select2/dist/js/select2.js \
 node_modules/vex-js/js/vex.js \
- node_modules/vex-js/js/vex.dialog.js
+ node_modules/vex-js/js/vex.dialog.js \
+ node_modules/@braintree/sanitize-url/dist.js
 if !ENABLE_MOBILEAPP
 NODE_MODULES_JS +=\
diff --git a/loleaflet/archived-packages/@braintree/sanitize-url-3.0.0-a0ce629d1.tar b/loleaflet/archived-packages/@braintree/sanitize-url-3.0.0-a0ce629d1.tar
new file mode 100644
index 000000000..0c85c0423
Binary files /dev/null and b/loleaflet/archived-packages/@braintree/sanitize-url-3.0.0-a0ce629d1.tar differ
diff --git a/loleaflet/package.json b/loleaflet/package.json
index 146000230..d7baa176b 100644
--- a/loleaflet/package.json
+++ b/loleaflet/package.json
@@ -3,6 +3,7 @@
 "version": "0.8.0-dev",
 "description": "LibreOffice online front-end",
 "devDependencies": {
+ "@braintree/sanitize-url": "3.0.0",
 "@types/jquery": "2.0.40",
 "autolinker": "1.4.3",
 "bootstrap": "3.3.6",
@@ -35,5 +36,8 @@
 "libreoffice",
 "lool"
 ],
+ "scripts": {
+ "postinstall": "browserify node_modules/@braintree/sanitize-url/index.js --standalone sanitizeUrl > node_modules/@braintree/sanitize-url/dist.js"
+ },
 "license": "BSD-2-Clause"
 }
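Review bot: The sanitizer bundle exists only if the `postinstall` script added in the second package.json hunk has run, yet Makefile.am now lists `node_modules/@braintree/sanitize-url/dist.js` as a build input and Control.AlertDialog.js calls the resulting `sanitizeUrl` global unconditionally. An install performed with `--ignore-scripts` (a common supply-chain hardening setting), or one where `browserify` cannot be resolved (no dependency on it is visible in these hunks), leaves that file missing, and the link check then depends on a global that was never defined. I would move the `browserify … --standalone sanitizeUrl` step into an explicit make rule that writes its output outside `node_modules/` and fails the build when the output is absent, so the check cannot silently drop out of the shipped bundle.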
diff --git a/loleaflet/src/control/Control.AlertDialog.js b/loleaflet/src/control/Control.AlertDialog.js
index bb4c61685..336c14dd7 100644
--- a/loleaflet/src/control/Control.AlertDialog.js
+++ b/loleaflet/src/control/Control.AlertDialog.js
@@ -3,7 +3,7 @@
 * L.Control.Dialog used for displaying alerts
 */
-/* global _ vex */
+/* global _ vex sanitizeUrl */
 L.Control.AlertDialog = L.Control.extend({
 onAdd: function (map) {
 // TODO: Better distinction between warnings and errors
@@ -28,9 +28,9 @@ L.Control.AlertDialog = L.Control.extend({
 var url = e.url;
 var messageText = window.errorMessages.leaving;
- var isLinkValid = true;
- if (url.trim().toLowerCase().startsWith('javascript:')) {
- isLinkValid = false;
+ var isLinkValid = sanitizeUrl.sanitizeUrl(url) !== 'about:blank';
+
+ if (!isLinkValid) {
 messageText = window.errorMessages.invalidLink;
 messageText = messageText.replace('%url', url);
 }
_______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
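Review bot: The sanitized value is thrown away in the second hunk: `sanitizeUrl.sanitizeUrl(url)` is only compared with `'about:blank'`, and the raw `url` is what the rest of the handler keeps using, so whatever normalisation the library applied is not applied to the link that is presumably opened afterwards. Keeping the result, `var safeUrl = sanitizeUrl.sanitizeUrl(url);` then `var isLinkValid = safeUrl !== 'about:blank';`, and handing `safeUrl` to the code that opens the link would make the checked value and the used value the same string. The check also inherits the library's denylist of schemes; for hyperlinks that come out of a document, an allowlist of the schemes the editor intends to follow would be the stricter test and is worth a comment next to the check stating which schemes are expected. The handler starts and ends outside the hunk, so how the link is opened and whether the dialog escapes the `%url` substitution cannot be confirmed from these lines.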