Summary:
Fixes T3252
When links were clicked with malformed, relative, or malicious href links
we'd perform default behavior instead of catching them.
If you have href="www.foo.bar" the browser by default thinks it's a
relative link. In our case it would prepend the full default base URI
which is file://path/to/edgehill. This would at best fail to do anything
and at worst execute an arbitrary file.
We now blacklist `file:` and check for the existence of a valid RFC 3986
schema on the URI.
Test Plan: manual
Reviewers: bengotow
Reviewed By: bengotow
Maniphest Tasks: T3252
Differential Revision: https://phab.nylas.com/D1888
Summary:
- Remove thread_participants prop, we don't use them anywhere and the underscore-case is ugly.
- Move autolinker into extension, update autolinker to 0.18.1 for phone number support
- document message.coffee, add isFromMe()
- Add tracking pixel extension that removes pixels from mail you *send*. Maybe more features later.
Test Plan: Run 1 new test! (woo...)
Reviewers: evan
Reviewed By: evan
Differential Revision: https://phab.nylas.com/D1787
