mirror of
https://github.com/Foundry376/Mailspring.git
synced 2024-11-11 18:32:20 +08:00
a7b652a31d
Summary: Fixes T3252 When links were clicked with malformed, relative, or malicious href links we'd perform default behavior instead of catching them. If you have href="www.foo.bar" the browser by default thinks it's a relative link. In our case it would prepend the full default base URI which is file://path/to/edgehill. This would at best fail to do anything and at worst execute an arbitrary file. We now blacklist `file:` and check for the existence of a valid RFC 3986 schema on the URI. Test Plan: manual Reviewers: bengotow Reviewed By: bengotow Maniphest Tasks: T3252 Differential Revision: https://phab.nylas.com/D1888 |
||
|---|---|---|
| .. | ||
| components | ||
| fixtures | ||
| models | ||
| stores | ||
| tasks | ||
| action-bridge-spec.coffee | ||
| auto-update-manager-spec.coffee | ||
| buffered-process-spec.coffee | ||
| clipboard-spec.coffee | ||
| component-registry-spec.coffee | ||
| database-view-spec.coffee | ||
| dom-utils-spec.coffee | ||
| launch-services-spec.coffee | ||
| menu-manager-spec.coffee | ||
| model-view-selection-spec.coffee | ||
| model-view-spec.coffee | ||
| module-cache-spec.coffee | ||
| nylas-protocol-handler-spec.coffee | ||
| nylas-sync-worker-spec.coffee | ||
| package-manager-spec.coffee | ||
| package-spec.coffee | ||
| quoted-html-parser-spec.coffee | ||
| quoted-plain-text-parser-spec.coffee | ||
| style-manager-spec.coffee | ||
| styles-element-spec.coffee | ||
| task-spec.coffee | ||
| test_utils.coffee | ||
| theme-manager-spec.coffee | ||
| undo-manager-spec.coffee | ||
| utils-spec.coffee | ||