[Libreoffice-commits] online.git: loleaflet/.eslintignore loleaflet/js loleaflet/Makefile.am loleaflet/package.json loleaflet/README

Henry Castro (via logerrit) logerrit at kemper.freedesktop.org
Thu Feb 20 12:21:02 UTC 2020 

 loleaflet/.eslintignore      |    1 
 loleaflet/Makefile.am        |    7 +++---
 loleaflet/README             |    3 ++
 loleaflet/js/sanitize-url.js |   45 +++++++++++++++++++++++++++++++++++++++++++
 loleaflet/package.json       |    3 --
 5 files changed, 53 insertions(+), 6 deletions(-)

New commits:
commit 5cc7ba2d77361d8c963576e1ef6d97f8eb0ead86
Author:     Henry Castro <hcastro at collabora.com>
AuthorDate: Wed Feb 19 15:08:17 2020 -0400
Commit:     Henry Castro <hcastro at collabora.com>
CommitDate: Thu Feb 20 13:20:44 2020 +0100

    loleaflet: import sanitize-url.js library
    
    The file was imported from node_modules/@braintree/sanitize-url/index.js
    the main reason is to analyze the source code, debug and patch
    if necessary
    
    To obtain the source code from npm repository
    
    make libs
    
    To bundle the file sanitize-url.js
    
    browserify braintree-sanitize-url/index.js --standalone sanitizeUrl > sanitize-url.js
    
    Change-Id: I7869a1349648ae1f8f2194859ebb398b1a73733e
    Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89055
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice at gmail.com>
    Reviewed-by: Henry Castro <hcastro at collabora.com>

diff --git a/loleaflet/.eslintignore b/loleaflet/.eslintignore
index 4d6c90ac9..04f898987 100644
--- a/loleaflet/.eslintignore
+++ b/loleaflet/.eslintignore
@@ -1,4 +1,5 @@
 # We only directly edit toolbar.js in dist/
+**/js/sanitize-url.js
 **/js/l10n.js
 **/js/w2ui-1.5.rc1.js
 **/src/unocommands.js
diff --git a/loleaflet/Makefile.am b/loleaflet/Makefile.am
index e52c2288a..8eee500ab 100644
--- a/loleaflet/Makefile.am
+++ b/loleaflet/Makefile.am
@@ -72,6 +72,7 @@ define npm_source
 endef
 
 NODE_MODULES_SRC =\
+	@braintree/sanitize-url at 3.0.0 \
 	l10n-for-node at 0.0.1
 
 LOLEAFLET_CSS =\
@@ -122,10 +123,10 @@ NODE_MODULES_JS =\
 	node_modules/autolinker/dist/Autolinker.js \
 	node_modules/json-js/json2.js \
 	node_modules/select2/dist/js/select2.js \
-	node_modules/vex-js/dist/js/vex.combined.js \
-	node_modules/@braintree/sanitize-url/dist.js
+	node_modules/vex-js/dist/js/vex.combined.js
 
-LOLEAFLET_LIBS_JS =
+LOLEAFLET_LIBS_JS =\
+	sanitize-url.js
 
 if !ENABLE_MOBILEAPP
 LOLEAFLET_LIBS_JS +=\
diff --git a/loleaflet/README b/loleaflet/README
index d9a3dbddc..0ac0571df 100644
--- a/loleaflet/README
+++ b/loleaflet/README
@@ -41,6 +41,9 @@ in node_modules/.bin/shrinkpack, so you can use the binary from there.
 If you need to get the sources:
 	make libs
 
+To bundle the file sanitize-url.js
+	browserify braintree-sanitize-url/index.js --standalone sanitizeUrl > sanitize-url.js
+
 Building
 --------
 
diff --git a/loleaflet/js/sanitize-url.js b/loleaflet/js/sanitize-url.js
new file mode 100644
index 000000000..ee8975589
--- /dev/null
+++ b/loleaflet/js/sanitize-url.js
@@ -0,0 +1,45 @@
+(function(f){if(typeof exports==="object"&&typeof module!=="undefined"){module.exports=f()}else if(typeof define==="function"&&define.amd){define([],f)}else{var g;if(typeof window!=="undefined"){g=window}else if(typeof global!=="undefined"){g=global}else if(typeof self!=="undefined"){g=self}else{g=this}g.sanitizeUrl = f()}})(function(){var define,module,exports;return (function(){function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(i,!0);if(u)return u(i,!0);var a=new Error("Cannot find module '"+i+"'");throw a.code="MODULE_NOT_FOUND",a}var p=n[i]={exports:{}};e[i][0].call(p.exports,function(r){var n=e[i][1][r];return o(n||r)},p,p.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i<t.length;i++)o(t[i]);return o}return r})()({1:[function(require,module,exports){
+'use strict';
+
+var invalidPrototcolRegex = /^(%20|\s)*(javascript|data)/im;
+var ctrlCharactersRegex = /[^\x20-\x7E]/gmi;
+var urlSchemeRegex = /^([^:]+):/gm;
+var relativeFirstCharacters = ['.', '/']
+
+function isRelativeUrl(url) {
+  return relativeFirstCharacters.indexOf(url[0]) > -1;
+}
+
+function sanitizeUrl(url) {
+  if (!url) {
+    return 'about:blank';
+  }
+
+  var urlScheme, urlSchemeParseResults;
+  var sanitizedUrl = url.replace(ctrlCharactersRegex, '');
+  
+  if (isRelativeUrl(sanitizedUrl)) {
+    return sanitizedUrl;
+  }
+  
+  urlSchemeParseResults = sanitizedUrl.match(urlSchemeRegex);
+
+  if (!urlSchemeParseResults) {
+    return 'about:blank';
+  }
+
+  urlScheme = urlSchemeParseResults[0];
+
+  if (invalidPrototcolRegex.test(urlScheme)) {
+    return 'about:blank';
+  }
+
+  return sanitizedUrl;
+}
+
+module.exports = {
+  sanitizeUrl: sanitizeUrl
+};
+
+},{}]},{},[1])(1)
+});
diff --git a/loleaflet/package.json b/loleaflet/package.json
index 420c8bd8f..a52a754fc 100644
--- a/loleaflet/package.json
+++ b/loleaflet/package.json
@@ -36,8 +36,5 @@
     "libreoffice",
     "lool"
   ],
-  "scripts": {
-    "postinstall": "browserify node_modules/@braintree/sanitize-url/index.js --standalone sanitizeUrl > node_modules/@braintree/sanitize-url/dist.js"
-  },
   "license": "BSD-2-Clause"
 }

More information about the Libreoffice-commits mailing list