The isSameURL() check will fail here as you're comparing the sanitized URL with the original appUrl. It's probably best to sanitize inside useSafeAppUrl(). What do you think?
I don't think you need HTML entity unescaping. React isn't inserting the iframe URL in HTML, it sets it as a DOM property.
Yeah I can remove it. I took the script from a library and it is working with more cases than our concrete one.
I did it. Moved to the hook. I changed the location of the function itself and added the tests.
Redirecting to Apps IMHO would be no bueno, as it will not alert the user and hide the problem.
I like the error approach. Take a look now. I'm throwing an error if the sanitize call detects a
Nice work 🚀
Looks good! Thanks for adding tests 💯
@JagoFigueroa did you test this?
Excellent implementation, comrade, looks good to me as well. Cheers ;)
return relativeFirstCharacters.indexOf(url[0]) > -1 | ||
} | ||
|
||
export function sanitizeUrl(url: string | null): string { |
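Review bot: sanitizeUrl(url: string | null): string accepts null yet always returns a string, so the signature hides what a missing URL is turned into and callers cannot tell that value apart from a sanitized one; consider taking string only and handling null at the call site, or documenting the value returned for null. In the helper just above, relativeFirstCharacters.indexOf(url[0]) > -1 reads url[0] with no length check, which is harmless for an empty string only because indexOf(undefined) is -1, so an explicit empty-string check or a short comment would make that intentional.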
Why does it allow null as a param?
What it solves
Sanitize the iframe URL to avoid any JS execution
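
The following is an added example, not the code from this pull request. It shows one way to do the check discussed in the thread: parse the value with the WHATWG URL parser, allow only http(s), and throw instead of redirecting. The names sanitizeIframeUrl, checkIframeUrl, BASE_URL and ALLOWED_PROTOCOLS are hypothetical, and the sample inputs are constructed.

```typescript
// Added example, not the PR's code. BASE_URL and ALLOWED_PROTOCOLS are
// assumptions of this sketch; in a browser the base would be the page URL.
const BASE_URL = 'https://app.invalid/'
const ALLOWED_PROTOCOLS = ['http:', 'https:']

function sanitizeIframeUrl(url: string): string {
  let parsed: URL
  try {
    // The WHATWG parser strips tabs/newlines, trims leading control
    // characters and spaces, and lowercases the scheme, the same way the
    // browser does when the value is assigned to iframe.src. Obfuscated
    // schemes are therefore classified as the browser would classify them.
    parsed = new URL(url, BASE_URL)
  } catch (e) {
    throw new Error(`Unparseable iframe URL: ${JSON.stringify(url)}`)
  }
  if (ALLOWED_PROTOCOLS.indexOf(parsed.protocol) === -1) {
    // Fail loudly rather than redirecting, so the problem is not hidden.
    throw new Error(`Blocked iframe URL with protocol ${parsed.protocol}`)
  }
  // Return the input unchanged so later equality checks against the
  // original app URL still hold.
  return url
}

// Reports the outcome for one input without throwing.
function checkIframeUrl(url: string): 'ok' | 'blocked' {
  try {
    sanitizeIframeUrl(url)
    return 'ok'
  } catch (e) {
    return 'blocked'
  }
}

// Constructed sample inputs.
const samples = [
  'https://apps.example/safe-app',
  '/local/app/index.html',
  'javascript:alert(1)',
  'JaVa\tScRiPt:alert(1)',
  ' \u0001javascript:alert(1)',
  'data:text/html,<h1>x</h1>',
  // Entities are not decoded for a DOM property: this is a relative path.
  'javascript&colon;alert(1)',
]
for (const s of samples) console.log(JSON.stringify(s), '->', checkIframeUrl(s))
```

The last sample illustrates the point made in the review about HTML entity unescaping: the string is never decoded when set as a DOM property, so the parser sees no scheme in it.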