From 07baa63e9d8548173cd9078483c059eaf279caa8 Mon Sep 17 00:00:00 2001 From: lohit Date: Wed, 18 Sep 2024 17:02:39 +0530 Subject: [PATCH] fix: validate docs links (#3122) * fix: validate docs links * fix: only allow external urls, ignore filesystem paths * fix: updates * chore: revert spacing --- packages/bruno-app/src/components/MarkDown/index.jsx | 3 ++- packages/bruno-electron/src/index.js | 11 +++++++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/packages/bruno-app/src/components/MarkDown/index.jsx b/packages/bruno-app/src/components/MarkDown/index.jsx index 3c778c5a6..e6582a8b6 100644 --- a/packages/bruno-app/src/components/MarkDown/index.jsx +++ b/packages/bruno-app/src/components/MarkDown/index.jsx @@ -2,6 +2,7 @@ import MarkdownIt from 'markdown-it'; import * as MarkdownItReplaceLink from 'markdown-it-replace-link'; import StyledWrapper from './StyledWrapper'; import React from 'react'; +import { isValidUrl } from 'utils/url/index'; const Markdown = ({ collectionPath, onDoubleClick, content }) => { const markdownItOptions = { @@ -15,7 +16,7 @@ const Markdown = ({ collectionPath, onDoubleClick, content }) => { if (target.tagName === 'A') { event.preventDefault(); const href = target.getAttribute('href'); - if (href) { + if (href && isValidUrl(href)) { window.open(href, '_blank'); return; } diff --git a/packages/bruno-electron/src/index.js b/packages/bruno-electron/src/index.js index db5deecae..6efc531c0 100644 --- a/packages/bruno-electron/src/index.js +++ b/packages/bruno-electron/src/index.js @@ -129,8 +129,15 @@ app.on('ready', async () => { } }); - mainWindow.webContents.setWindowOpenHandler((details) => { - require('electron').shell.openExternal(details.url); + mainWindow.webContents.setWindowOpenHandler(({ url }) => { + try { + const { protocol } = new URL(url); + if (['https:', 'http:'].includes(protocol)) { + require('electron').shell.openExternal(url); + } + } catch (e) { + console.error(e); + } return { action: 'deny' }; });