robinwobin.dev / witchsky.app
forked from jollywhoppers.com/witchsky.app
Bluesky app fork with some witchin' additions 💫
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

Fix: sanitize URLs before placing them on the page (#488)

authored by

Paul Frazee and committed by
GitHub a79dcd3d a6634ec4

+12 -5
+1
package.json
··· 23 23 "dependencies": { 24 24 "@atproto/api": "0.2.7", 25 25 "@bam.tech/react-native-image-resizer": "^3.0.4", 26 + "@braintree/sanitize-url": "^6.0.2", 26 27 "@expo/webpack-config": "^18.0.1", 27 28 "@fortawesome/fontawesome-svg-core": "^6.1.1", 28 29 "@fortawesome/free-regular-svg-icons": "^6.1.1",
+6 -5
src/view/com/util/Link.tsx
··· 23 23 import {useStores, RootStoreModel} from 'state/index' 24 24 import {convertBskyAppUrlIfNeeded} from 'lib/strings/url-helpers' 25 25 import {isDesktopWeb} from 'platform/detection' 26 + import {sanitizeUrl} from '@braintree/sanitize-url' 26 27 27 28 type Event = 28 29 | React.MouseEvent<HTMLAnchorElement, MouseEvent> ··· 51 52 const onPress = React.useCallback( 52 53 (e?: Event) => { 53 54 if (typeof href === 'string') { 54 - return onPressInner(store, navigation, href, e) 55 + return onPressInner(store, navigation, sanitizeUrl(href), e) 55 56 } 56 57 }, 57 58 [store, navigation, href], ··· 63 64 testID={testID} 64 65 onPress={onPress} 65 66 // @ts-ignore web only -prf 66 - href={asAnchor ? href : undefined}> 67 + href={asAnchor ? sanitizeUrl(href) : undefined}> 67 68 <View style={style}> 68 69 {children ? children : <Text>{title || 'link'}</Text>} 69 70 </View> ··· 76 77 style={style} 77 78 onPress={onPress} 78 79 // @ts-ignore web only -prf 79 - href={asAnchor ? href : undefined}> 80 + href={asAnchor ? sanitizeUrl(href) : undefined}> 80 81 {children ? children : <Text>{title || 'link'}</Text>} 81 82 </TouchableOpacity> 82 83 ) ··· 101 102 lineHeight?: number 102 103 dataSet?: any 103 104 }) { 104 - const {...props} = useLinkProps({to: href}) 105 + const {...props} = useLinkProps({to: sanitizeUrl(href)}) 105 106 const store = useStores() 106 107 const navigation = useNavigation<NavigationProp>() 107 108 108 109 props.onPress = React.useCallback( 109 110 (e?: Event) => { 110 - return onPressInner(store, navigation, href, e) 111 + return onPressInner(store, navigation, sanitizeUrl(href), e) 111 112 }, 112 113 [store, navigation, href], 113 114 )
+5
yarn.lock
··· 1326 1326 resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39" 1327 1327 integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw== 1328 1328 1329 + "@braintree/sanitize-url@^6.0.2": 1330 + version "6.0.2" 1331 + resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-6.0.2.tgz#6110f918d273fe2af8ea1c4398a88774bb9fc12f" 1332 + integrity sha512-Tbsj02wXCbqGmzdnXNk0SOF19ChhRU70BsroIi4Pm6Ehp56in6vch94mfbdQ17DozxkL3BAVjbZ4Qc1a0HFRAg== 1333 + 1329 1334 "@cspotcode/source-map-support@^0.8.0": 1330 1335 version "0.8.1" 1331 1336 resolved "https://registry.yarnpkg.com/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz#00629c35a688e05a88b1cda684fb9d5e73f000a1"