authorKushal Pandya <kushalspandya@gmail.com>2019-06-03 14:42:30 +0000
committerKushal Pandya <kushalspandya@gmail.com>2019-06-03 14:42:30 +0000
commit07630b3bdf7b386b820b2b7c82ba756c46a52be6 (patch)
treefdc8a21f5854ad49f8dae1d84ba75c64df9eb506 /app/assets/javascripts
parent44f53d46234ae5263fad4320d8dc3308b0801891 (diff)
parent6ca5b19aafae10f0d9dfd3018e27f9b1731101f2 (diff)
downloadgitlab-ce-07630b3bdf7b386b820b2b7c82ba756c46a52be6.tar.gz
Merge branch 'issafeurl-utility' into 'master'
Add global isSafeURL utility See merge request gitlab-org/gitlab-ce!28943
Diffstat (limited to 'app/assets/javascripts')
-rw-r--r--app/assets/javascripts/lib/utils/url_utility.js36
1 files changed, 36 insertions, 0 deletions
diff --git a/app/assets/javascripts/lib/utils/url_utility.js b/app/assets/javascripts/lib/utils/url_utility.js
index bdfd06fc250..4a9cd1b6f42 100644
--- a/app/assets/javascripts/lib/utils/url_utility.js
+++ b/app/assets/javascripts/lib/utils/url_utility.js
@@ -121,4 +121,40 @@ export function webIDEUrl(route = undefined) {
return returnUrl;
}
+/**
+ * Returns current base URL
+ */
+export function getBaseURL() {
+ const { protocol, host } = window.location;
+ return `${protocol}//${host}`;
+}
+
+/**
+ * Returns true if url is an absolute or root-relative URL
+ *
+ * @param {String} url
+ */
+export function isAbsoluteOrRootRelative(url) {
+ return /^(https?:)?\//.test(url);
+}
+
+/**
+ * Checks if the provided URL is a safe URL (absolute http(s) or root-relative URL)
+ *
+ * @param {String} url that will be checked
+ * @returns {Boolean}
+ */
+export function isSafeURL(url) {
+ if (!isAbsoluteOrRootRelative(url)) {
+ return false;
+ }
+
+ try {
+ const parsedUrl = new URL(url, getBaseURL());
+ return ['http:', 'https:'].includes(parsedUrl.protocol);
+ } catch {
+ return false;
+ }
+}
+
export { join as joinPaths } from 'path';
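Review bot: The JSDoc on `isSafeURL` promises "absolute http(s) or root-relative URL", but the pattern in `isAbsoluteOrRootRelative`, `/^(https?:)?\//`, also matches protocol-relative input such as `//other-host/path`. `new URL(url, getBaseURL())` resolves that to a different host with an http(s) protocol, so `isSafeURL` returns true for it. As written this is a scheme check (it rejects values like `javascript:` or `data:`), not a same-origin check, so a caller that uses it to vet a redirect or link target gets no host validation. I would say so in the doc comment, e.g. `* Only the scheme is validated; the host is not compared with the current origin.`, and add a `@returns {Boolean}` line to `isAbsoluteOrRootRelative`. If same-origin was the intent, which the hunk does not show, the return could additionally require `parsedUrl.origin === getBaseURL()`.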