Added mailto protocol to safe list

c70a256e · Ariel Fuggini · JC Brand · efb48651 · c70a256e · c70a256e
Commit c70a256e authored May 07, 2020 by Ariel Fuggini Committed by JC Brand May 13, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 1 deletion

spec/xss.js spec/xss.js +6 -0

src/utils/html.js src/utils/html.js +1 -1

No files found.
--- a/spec/xss.js
+++ b/spec/xss.js
@@ -218,6 +218,9 @@ describe("XSS", function () {
            }, {
                entered: 'WWW.SOMETHING.COM/?x=dKasdDAsd4JAsd3OAJSD23osajAidj',
                href: 'http://WWW.SOMETHING.COM/?x=dKasdDAsd4JAsd3OAJSD23osajAidj',
+            }, {
+                entered: 'mailto:test@mail.org',
+                href: 'mailto:test@mail.org',
            }];

            function checkNonParsedURL (url) {
@@ -259,6 +262,9 @@ describe("XSS", function () {
            await mock.sendMessage(view, good_urls[4].entered);
            checkParsedURL(good_urls[4]);

+            await mock.sendMessage(view, good_urls[5].entered);
+            checkParsedURL(good_urls[5]);
+
            done();
        }));
    });

--- a/src/utils/html.js
+++ b/src/utils/html.js
@@ -22,7 +22,7 @@ import tpl_video from "../templates/video.js";
 import u from "../headless/utils/core";

 const URL_REGEX = /\b(https?\:\/\/|www\.|https?:\/\/www\.)[^\s<>]{2,200}\b\/?/g;
-const APPROVED_URL_PROTOCOLS = ['http', 'https', 'xmpp'];
+const APPROVED_URL_PROTOCOLS = ['http', 'https', 'xmpp', 'mailto'];

 function getAutoCompleteProperty (name, options) {
    return {