Merge pull request #4446 from payloadcms/lexical/commits

fix(richtext-lexical): incorrect URL validation for tel: URLs, unnecessary license headers
2023-12-11 16:38:34 +01:00
parent 076c3258d0 9222d6f207
commit a2dac605e5
12 changed files with 16 additions and 96 deletions
--- a/packages/richtext-lexical/src/field/features/Link/nodes/LinkNode.ts
+++ b/packages/richtext-lexical/src/field/features/Link/nodes/LinkNode.ts
@@ -1,12 +1,3 @@
-/** @module @lexical/link */
-/**
- * Copyright (c) Meta Platforms, Inc. and affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- *
- */
-
 import type { BaseSelection } from 'lexical'

 import { addClassNamesToElement, isHTMLAnchorElement } from '@lexical/utils'
--- a/packages/richtext-lexical/src/field/lexical/utils/environment.ts
+++ b/packages/richtext-lexical/src/field/lexical/utils/environment.ts
@@ -1,10 +1,3 @@
-/**
- * Copyright (c) Meta Platforms, Inc. and affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- *
- */
 import { CAN_USE_DOM } from './canUseDOM'

 declare global {
--- a/packages/richtext-lexical/src/field/lexical/utils/getSelectedNode.ts
+++ b/packages/richtext-lexical/src/field/lexical/utils/getSelectedNode.ts
@@ -1,10 +1,3 @@
-/**
- * Copyright (c) Meta Platforms, Inc. and affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- *
- */
 import { $isAtNodeEnd } from '@lexical/selection'
 import { type ElementNode, type RangeSelection, type TextNode } from 'lexical'

--- a/packages/richtext-lexical/src/field/lexical/utils/guard.ts
+++ b/packages/richtext-lexical/src/field/lexical/utils/guard.ts
@@ -1,10 +1,3 @@
-/**
- * Copyright (c) Meta Platforms, Inc. and affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- *
- */
 export function isHTMLElement(x: unknown): x is HTMLElement {
  return x instanceof HTMLElement
 }
--- a/packages/richtext-lexical/src/field/lexical/utils/joinClasses.ts
+++ b/packages/richtext-lexical/src/field/lexical/utils/joinClasses.ts
@@ -1,11 +1,3 @@
-/**
- * Copyright (c) Meta Platforms, Inc. and affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- *
- */
-
 export function joinClasses(...args: Array<boolean | null | string | undefined>): string {
  return args.filter(Boolean).join(' ')
 }
--- a/packages/richtext-lexical/src/field/lexical/utils/nodeFormat.ts
+++ b/packages/richtext-lexical/src/field/lexical/utils/nodeFormat.ts
@@ -1,19 +1,11 @@
 /* eslint-disable perfectionist/sort-objects */
 /* eslint-disable regexp/no-obscure-range */
 /* eslint-disable @typescript-eslint/no-redundant-type-constituents */
-//This copy-and-pasted from lexical here here: https://github.com/facebook/lexical/blob/c2ceee223f46543d12c574e62155e619f9a18a5d/packages/lexical/src/LexicalConstants.ts
+//This copy-and-pasted from lexical here: https://github.com/facebook/lexical/blob/c2ceee223f46543d12c574e62155e619f9a18a5d/packages/lexical/src/LexicalConstants.ts

 import type { ElementFormatType, TextFormatType } from 'lexical'
 import type { TextDetailType, TextModeType } from 'lexical/nodes/LexicalTextNode'

-/**
- * Copyright (c) Meta Platforms, Inc. and affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- *
- */
-
 // DOM
 export const NodeFormat = {
  DOM_ELEMENT_TYPE: 1,
--- a/packages/richtext-lexical/src/field/lexical/utils/point.ts
+++ b/packages/richtext-lexical/src/field/lexical/utils/point.ts
@@ -1,10 +1,3 @@
-/**
- * Copyright (c) Meta Platforms, Inc. and affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- *
- */
 export class Point {
  private readonly _x: number

--- a/packages/richtext-lexical/src/field/lexical/utils/rect.ts
+++ b/packages/richtext-lexical/src/field/lexical/utils/rect.ts
@@ -1,10 +1,3 @@
-/**
- * Copyright (c) Meta Platforms, Inc. and affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- *
- */
 import { type Point, isPoint } from './point'

 interface ContainsPointReturn {
--- a/packages/richtext-lexical/src/field/lexical/utils/setFloatingElemPosition.ts
+++ b/packages/richtext-lexical/src/field/lexical/utils/setFloatingElemPosition.ts
@@ -1,10 +1,3 @@
-/**
- * Copyright (c) Meta Platforms, Inc. and affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- *
- */
 const VERTICAL_GAP = 10
 const HORIZONTAL_OFFSET = 5

--- a/packages/richtext-lexical/src/field/lexical/utils/setFloatingElemPositionForLinkEditor.ts
+++ b/packages/richtext-lexical/src/field/lexical/utils/setFloatingElemPositionForLinkEditor.ts
@@ -1,10 +1,3 @@
-/**
- * Copyright (c) Meta Platforms, Inc. and affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- *
- */
 const VERTICAL_GAP = 10
 const HORIZONTAL_OFFSET = 5

--- a/packages/richtext-lexical/src/field/lexical/utils/swipe.ts
+++ b/packages/richtext-lexical/src/field/lexical/utils/swipe.ts
@@ -1,11 +1,3 @@
-/**
- * Copyright (c) Meta Platforms, Inc. and affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- *
- */
-
 type Force = [number, number]
 type Listener = (force: Force, e: TouchEvent) => void
 interface ElementValues {
--- a/packages/richtext-lexical/src/field/lexical/utils/url.ts
+++ b/packages/richtext-lexical/src/field/lexical/utils/url.ts
@@ -1,11 +1,3 @@
-/**
- * Copyright (c) Meta Platforms, Inc. and affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- *
- */
-
 export function sanitizeUrl(url: string): string {
  /** A pattern that matches safe  URLs. */
  const SAFE_URL_PATTERN = /^(?:(?:https?|mailto|ftp|tel|file|sms):|[^&:/?#]*(?:[/?#]|$))/gi
@@ -28,9 +20,19 @@ const urlRegExp =
 export function validateUrl(url: string): boolean {
  // TODO Fix UI for link insertion; it should never default to an invalid URL such as https://.
  // Maybe show a dialog where they user can type the URL before inserting it.
-  return (
-    url === 'https://' ||
-    urlRegExp.test(url) ||
-    (url.startsWith('tel:+') && !!url.split('tel:+')[1].match(/^\d+$/))
-  )
+
+  if (url === 'https://') return true
+
+  // This makes sure URLs starting with www. instead of https are valid too
+  if (urlRegExp.test(url)) return true
+
+  // While this doesn't allow URLs starting with www (which is why we use the regex above), it does properly handle tel: URLs
+  try {
+    new URL(url)
+    return true
+  } catch {
+    /* empty */
+  }
+
+  return false
 }