Mailspring/spec-nylas/components
Evan Morikawa 06a1eb42b2 fix(iframe): catch relative and malformed uris
Summary:
Fixes T3252

When links were clicked with malformed, relative, or malicious href links
we'd perform default behavior instead of catching them.

If you have href="www.foo.bar" the browser by default thinks it's a
relative link. In our case it would prepend the full default base URI
which is file://path/to/edgehill. This would at best fail to do anything
and at worst execute an arbitrary file.

We now blacklist `file:` and check for the existence of a valid RFC 3986
schema on the URI.

Test Plan: manual

Reviewers: bengotow

Reviewed By: bengotow

Maniphest Tasks: T3252

Differential Revision: https://phab.nylas.com/D1888
2015-08-19 10:20:41 -07:00
evented-iframe-spec.cjsx fix(iframe): catch relative and malformed uris 2015-08-19 10:20:41 -07:00
form-builder-spec.cjsx fix(build): Temporarily disable 'Task' tests Jenkins can't run, and avoid empty ui-variables files 2015-06-03 12:04:43 -07:00
multiselect-list-interaction-handler-spec.coffee fix(thread-list): Narrow mode, and new selection rules for three-pane 2015-06-11 18:00:40 -07:00
multiselect-split-interaction-handler-spec.coffee fix(thread-list): Narrow mode, and new selection rules for three-pane 2015-06-11 18:00:40 -07:00
tokenizing-text-field-spec.cjsx fix(contact-chips): Contact chips are editable and have much better style 2015-08-03 13:06:28 -07:00