Fixed Link extension's commands not respecting XSS prevention via unallowed protocols #5945
🦋 Changeset detected
Latest commit: 96e20bb
The changes in this PR will be included in the next version bump. This PR includes changesets to release 54 packages
@tiptap/core
@tiptap/extension-blockquote
@tiptap/extension-bold
@tiptap/extension-bullet-list
@tiptap/extension-bubble-menu
@tiptap/extension-character-count
@tiptap/extension-code
@tiptap/extension-code-block
@tiptap/extension-code-block-lowlight
@tiptap/extension-collaboration
@tiptap/extension-collaboration-cursor
@tiptap/extension-color
@tiptap/extension-document
@tiptap/extension-dropcursor
@tiptap/extension-floating-menu
@tiptap/extension-focus
@tiptap/extension-font-family
@tiptap/extension-gapcursor
@tiptap/extension-hard-break
@tiptap/extension-heading
@tiptap/extension-highlight
@tiptap/extension-history
@tiptap/extension-horizontal-rule
@tiptap/extension-image
@tiptap/extension-italic
@tiptap/extension-link
@tiptap/extension-list-item
@tiptap/extension-list-keymap
@tiptap/extension-mention
@tiptap/extension-ordered-list
@tiptap/extension-paragraph
@tiptap/extension-placeholder
@tiptap/extension-strike
@tiptap/extension-subscript
@tiptap/extension-superscript
@tiptap/extension-table
@tiptap/extension-table-cell
@tiptap/extension-table-header
@tiptap/extension-table-row
@tiptap/extension-task-item
@tiptap/extension-task-list
@tiptap/extension-text-align
@tiptap/extension-text
@tiptap/extension-text-style
@tiptap/extension-typography
@tiptap/extension-underline
@tiptap/extension-youtube
@tiptap/html
@tiptap/react
@tiptap/pm
@tiptap/starter-kit
@tiptap/suggestion
@tiptap/vue-2
@tiptap/vue-3
@nperez0111 done
Looks good. I think to release we got to make something not a major. I would look into it but I have an appointment right now
This pull request includes changes to improve error handling and validation for links in the `Link` extension. The most important changes include adding error handling in the React component, exporting the `isAllowedUri` function, and validating link protocols before setting or toggling links.

Implementation Approach
I added checks inside the `setLink` and `toggleLink` commands to see if the link being tried to set is actually valid. If not, we throw an error so the developer can implement error handling outside of the extension.

Testing Done

Verification Steps
See above

Additional Notes
Because people can potentially also override said commands, I added an export for the `isValidUri` function to make it easy for people to add said checks themselves.

Checklist
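The check-then-throw pattern described in this PR, sketched as an added example that is not Tiptap's code. The names `extractScheme`, `isAllowedHref`, `guardedSetLink`, `trySetLink`, the `applyLink` callback and the allow-list are hypothetical, chosen for illustration.

```javascript
// Added example: hypothetical helpers, not Tiptap's own code.
const ALLOWED_PROTOCOLS = ['http', 'https', 'mailto', 'tel']; // assumed allow-list

// Return the lower-cased scheme of `uri`, or null for a scheme-less (relative) URL.
function extractScheme(uri) {
  // URL parsers drop tabs/newlines and leading control characters, so remove
  // every C0 control, space and DEL before looking for the scheme. This is
  // deliberately stricter than the browser.
  const cleaned = uri.replace(/[\u0000-\u0020\u007f]/g, '');
  const match = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  return match ? match[1].toLowerCase() : null;
}

// Allow relative URLs and allow-listed schemes; reject everything else.
function isAllowedHref(uri, allowed = ALLOWED_PROTOCOLS) {
  if (typeof uri !== 'string') return false;
  const scheme = extractScheme(uri);
  return scheme === null || allowed.includes(scheme);
}

// Validate before applying; `applyLink` stands in for the real editor command.
function guardedSetLink(applyLink, attrs, allowed = ALLOWED_PROTOCOLS) {
  if (!attrs || !isAllowedHref(attrs.href, allowed)) {
    throw new Error('Refusing link with disallowed protocol');
  }
  return applyLink(attrs);
}

// Caller-side handling: report the rejection instead of letting it propagate.
function trySetLink(applyLink, href) {
  try {
    guardedSetLink(applyLink, { href });
    return { ok: true };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Constructed sample inputs: two acceptable links, three that must be refused.
const applied = [];
const samples = ['https://example.com', '/docs/intro', 'JaVaScRiPt:void(0)',
  ' java\tscript:void(0)', 'data:text/html,x'];
for (const href of samples) {
  const result = trySetLink((attrs) => applied.push(attrs.href), href);
  console.log(JSON.stringify(href), result.ok ? 'applied' : result.reason);
}
```

Because the scheme test runs on the cleaned string, a host-and-port value without a scheme such as `localhost:3000` is also refused; callers that need it should pass a full `http://` URL.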