Commit c70a256e authored by Ariel Fuggini's avatar Ariel Fuggini Committed by JC Brand

Added mailto protocol to safe list

parent efb48651
......@@ -218,6 +218,9 @@ describe("XSS", function () {
}, {
entered: 'WWW.SOMETHING.COM/?x=dKasdDAsd4JAsd3OAJSD23osajAidj',
href: 'http://WWW.SOMETHING.COM/?x=dKasdDAsd4JAsd3OAJSD23osajAidj',
}, {
entered: 'mailto:test@mail.org',
href: 'mailto:test@mail.org',
}];
function checkNonParsedURL (url) {
......@@ -259,6 +262,9 @@ describe("XSS", function () {
await mock.sendMessage(view, good_urls[4].entered);
checkParsedURL(good_urls[4]);
await mock.sendMessage(view, good_urls[5].entered);
checkParsedURL(good_urls[5]);
done();
}));
});
......
......@@ -22,7 +22,7 @@ import tpl_video from "../templates/video.js";
import u from "../headless/utils/core";
const URL_REGEX = /\b(https?\:\/\/|www\.|https?:\/\/www\.)[^\s<>]{2,200}\b\/?/g;
const APPROVED_URL_PROTOCOLS = ['http', 'https', 'xmpp'];
const APPROVED_URL_PROTOCOLS = ['http', 'https', 'xmpp', 'mailto'];
function getAutoCompleteProperty (name, options) {
return {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment