Commit 13652f6a authored by Christoph Scholz's avatar Christoph Scholz Committed by JC Brand

Errors caused by malformed URLs are now caught

parent 6ad0426a
...@@ -31,6 +31,7 @@ ...@@ -31,6 +31,7 @@
- #1772: `_converse.api.contact.add(jid, nick)` fails, says not a function - #1772: `_converse.api.contact.add(jid, nick)` fails, says not a function
- #1792: Fix: modals don't have scrollbars - #1792: Fix: modals don't have scrollbars
- #1796: Don't show "back" arrow navigation (on mobile) in the chat header when in `singleton` mode - #1796: Don't show "back" arrow navigation (on mobile) in the chat header when in `singleton` mode
- #1821: Errors caused by malformed URLs are now handled
### Breaking changes ### Breaking changes
......
...@@ -81,7 +81,11 @@ const isImage = function (url) { ...@@ -81,7 +81,11 @@ const isImage = function (url) {
u.isAudioURL = function (url) { u.isAudioURL = function (url) {
if (!(url instanceof URI)) { if (!(url instanceof URI)) {
try {
url = new URI(url); url = new URI(url);
} catch (error) {
return false;
}
} }
const filename = url.filename().toLowerCase(); const filename = url.filename().toLowerCase();
if (url.protocol().toLowerCase() !== "https") { if (url.protocol().toLowerCase() !== "https") {
...@@ -93,7 +97,11 @@ u.isAudioURL = function (url) { ...@@ -93,7 +97,11 @@ u.isAudioURL = function (url) {
u.isImageURL = function (url) { u.isImageURL = function (url) {
if (!(url instanceof URI)) { if (!(url instanceof URI)) {
try {
url = new URI(url); url = new URI(url);
} catch (error) {
return false;
}
} }
const filename = url.filename().toLowerCase(); const filename = url.filename().toLowerCase();
if (window.location.protocol === 'https:' && url.protocol().toLowerCase() !== "https") { if (window.location.protocol === 'https:' && url.protocol().toLowerCase() !== "https") {
...@@ -108,7 +116,11 @@ u.isImageURL = function (url) { ...@@ -108,7 +116,11 @@ u.isImageURL = function (url) {
u.isVideoURL = function (url) { u.isVideoURL = function (url) {
if (!(url instanceof URI)) { if (!(url instanceof URI)) {
try {
url = new URI(url); url = new URI(url);
} catch (error) {
return false;
}
} }
const filename = url.filename().toLowerCase(); const filename = url.filename().toLowerCase();
if (url.protocol().toLowerCase() !== "https") { if (url.protocol().toLowerCase() !== "https") {
...@@ -119,6 +131,7 @@ u.isVideoURL = function (url) { ...@@ -119,6 +131,7 @@ u.isVideoURL = function (url) {
u.renderAudioURL = function (_converse, url) { u.renderAudioURL = function (_converse, url) {
try {
const uri = new URI(url); const uri = new URI(url);
if (u.isAudioURL(uri)) { if (u.isAudioURL(uri)) {
const { __ } = _converse; const { __ } = _converse;
...@@ -127,11 +140,15 @@ u.renderAudioURL = function (_converse, url) { ...@@ -127,11 +140,15 @@ u.renderAudioURL = function (_converse, url) {
'label_download': __('Download audio file "%1$s"', decodeURI(uri.filename())) 'label_download': __('Download audio file "%1$s"', decodeURI(uri.filename()))
}) })
} }
} catch (error) {
// decodeURI may throw error in case of malformed URIs
}
return url; return url;
}; };
u.renderFileURL = function (_converse, url) { u.renderFileURL = function (_converse, url) {
try {
const uri = new URI(url); const uri = new URI(url);
if (u.isImageURL(uri) || u.isVideoURL(uri) || u.isAudioURL(uri)) { if (u.isImageURL(uri) || u.isVideoURL(uri) || u.isAudioURL(uri)) {
return url; return url;
...@@ -142,12 +159,16 @@ u.renderFileURL = function (_converse, url) { ...@@ -142,12 +159,16 @@ u.renderFileURL = function (_converse, url) {
'url': url, 'url': url,
'label_download': __('Download file "%1$s"', decodeURI(filename)) 'label_download': __('Download file "%1$s"', decodeURI(filename))
}) })
} catch (error) {
return url;
}
}; };
u.renderImageURL = function (_converse, url) { u.renderImageURL = function (_converse, url) {
if (!_converse.show_images_inline) { if (!_converse.show_images_inline) {
return u.addHyperlinks(url); return u.addHyperlinks(url);
} }
try {
const uri = new URI(url); const uri = new URI(url);
if (u.isImageURL(uri)) { if (u.isImageURL(uri)) {
const { __ } = _converse; const { __ } = _converse;
...@@ -156,6 +177,9 @@ u.renderImageURL = function (_converse, url) { ...@@ -156,6 +177,9 @@ u.renderImageURL = function (_converse, url) {
'label_download': __('Download image "%1$s"', decodeURI(uri.filename())) 'label_download': __('Download image "%1$s"', decodeURI(uri.filename()))
}) })
} }
} catch (error) {
// decodeURI may throw error in case of malformed URIs
}
return url; return url;
}; };
...@@ -221,10 +245,14 @@ u.renderImageURLs = function (_converse, el) { ...@@ -221,10 +245,14 @@ u.renderImageURLs = function (_converse, el) {
u.renderMovieURL = function (_converse, url) { u.renderMovieURL = function (_converse, url) {
try {
const uri = new URI(url); const uri = new URI(url);
if (u.isVideoURL(uri)) { if (u.isVideoURL(uri)) {
return tpl_video({url}); return tpl_video({url});
} }
} catch (error) {
// decodeURI may throw error in case of malformed URIs
}
return url; return url;
}; };
...@@ -385,6 +413,7 @@ u.addMentionsMarkup = function (text, references, chatbox) { ...@@ -385,6 +413,7 @@ u.addMentionsMarkup = function (text, references, chatbox) {
u.addHyperlinks = function (text) { u.addHyperlinks = function (text) {
return URI.withinString(text, url => { return URI.withinString(text, url => {
try {
const uri = new URI(url); const uri = new URI(url);
url = uri.normalize()._string; url = uri.normalize()._string;
const pretty_url = uri._parts.urn ? url : uri.readable(); const pretty_url = uri._parts.urn ? url : uri.readable();
...@@ -395,6 +424,9 @@ u.addHyperlinks = function (text) { ...@@ -395,6 +424,9 @@ u.addHyperlinks = function (text) {
return `<a target="_blank" rel="noopener" class="open-chatroom" href="${url}">${u.escapeHTML(pretty_url)}</a>`; return `<a target="_blank" rel="noopener" class="open-chatroom" href="${url}">${u.escapeHTML(pretty_url)}</a>`;
} }
return `<a target="_blank" rel="noopener" href="${url}">${u.escapeHTML(pretty_url)}</a>`; return `<a target="_blank" rel="noopener" href="${url}">${u.escapeHTML(pretty_url)}</a>`;
} catch (error) {
return url;
}
}, { }, {
'start': /\b(?:([a-z][a-z0-9.+-]*:\/\/)|xmpp:|mailto:|www\.)/gi 'start': /\b(?:([a-z][a-z0-9.+-]*:\/\/)|xmpp:|mailto:|www\.)/gi
}); });
......
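Review bot: In `u.addHyperlinks`, the new `catch` branch returns the matched `url` unchanged, whereas the success path only emits it inside an anchor whose label goes through `u.escapeHTML`. The callback's return value is spliced into a string that the success path treats as HTML, so this fallback is safe only if every caller has already escaped or filtered `text`, which these hunks do not show. If that is not guaranteed, `return u.escapeHTML(url);` keeps a malformed URL inert. Separately, the comment `// decodeURI may throw error in case of malformed URIs` in `u.renderMovieURL` names a call that function does not make in the visible lines (the likely thrower there is `new URI(url)`), and the empty `catch` blocks in the render helpers silently drop any other error raised inside the `try`. The body of `u.addHyperlinks` continues between the two hunks shown, so the lines in between were not reviewed.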