author | Kushal Pandya <kushalspandya@gmail.com> | 2019-06-03 14:42:30 +0000 |
---|---|---|
committer | Kushal Pandya <kushalspandya@gmail.com> | 2019-06-03 14:42:30 +0000 |
commit | 07630b3bdf7b386b820b2b7c82ba756c46a52be6 (patch) | |
tree | fdc8a21f5854ad49f8dae1d84ba75c64df9eb506 /app | |
parent | 44f53d46234ae5263fad4320d8dc3308b0801891 (diff) | |
parent | 6ca5b19aafae10f0d9dfd3018e27f9b1731101f2 (diff) | |
Merge branch 'issafeurl-utility' into 'master'
Add global isSafeURL utility
See merge request gitlab-org/gitlab-ce!28943
Diffstat (limited to 'app')
-rw-r--r-- | app/assets/javascripts/lib/utils/url_utility.js | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/app/assets/javascripts/lib/utils/url_utility.js b/app/assets/javascripts/lib/utils/url_utility.js
index bdfd06fc250..4a9cd1b6f42 100644
--- a/app/assets/javascripts/lib/utils/url_utility.js
+++ b/app/assets/javascripts/lib/utils/url_utility.js
@@ -121,4 +121,40 @@ export function webIDEUrl(route = undefined) {
 return returnUrl;
 }
 
+/**
+ * Returns current base URL
+ */
+export function getBaseURL() {
+ const { protocol, host } = window.location;
+ return `${protocol}//${host}`;
+}
+
+/**
+ * Returns true if url is an absolute or root-relative URL
+ *
+ * @param {String} url
+ */
+export function isAbsoluteOrRootRelative(url) {
+ return /^(https?:)?\//.test(url);
+}
+
+/**
+ * Checks if the provided URL is a safe URL (absolute http(s) or root-relative URL)
+ *
+ * @param {String} url that will be checked
+ * @returns {Boolean}
+ */
+export function isSafeURL(url) {
+ if (!isAbsoluteOrRootRelative(url)) {
+ return false;
+ }
+
+ try {
+ const parsedUrl = new URL(url, getBaseURL());
+ return ['http:', 'https:'].includes(parsedUrl.protocol);
+ } catch {
+ return false;
+ }
+}
+
 export { join as joinPaths } from 'path'; |
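Review bot: The JSDoc on `isSafeURL` does not say that only the scheme is validated, and the regex in `isAbsoluteOrRootRelative` (`/^(https?:)?\//`) also accepts protocol-relative input such as `//host/path`, which `new URL(url, getBaseURL())` resolves to a different origin with an `http:`/`https:` protocol. That matches the documented "absolute http(s)" allowance, but a caller could read "safe" as same-origin; whether any caller passes redirect targets through it is not visible in this hunk. I would add to the `isSafeURL` docblock: `* Only the scheme is validated; any http(s) host (including protocol-relative "//host") passes, so do not use this as a same-origin or open-redirect check.` The `isAbsoluteOrRootRelative` docblock should likewise mention protocol-relative URLs and gain a `@returns {Boolean}` line, and a same-origin variant would additionally compare `parsedUrl.origin` with `getBaseURL()`.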