Skip to content

GitLab

T
tangled
Commit 0bb60b09 authored by Kristi Park's avatar Kristi Park Committed by Commit Bot
Browse files
Options

[NTP] Check for allowed schemes before adding custom link 

Show error message for URLs with invalid schemes, and remove leftover
function that was removed.

Bug: 906607
Change-Id: I6cd5a7267de3d439c1e54c01f846f03fd9247f62
Reviewed-on: https://chromium-review.googlesource.com/c/1343365Reviewed-by: default avatarRamya Nagarajan <ramyan@chromium.org>
Commit-Queue: Kristi Park <kristipark@chromium.org>
Cr-Commit-Position: refs/heads/master@{#611388}
parent 36a1b5d4
Hide whitespace changes
Inline Side-by-side
Showing with 14 additions and 14 deletions
chrome/browser/resources/local_ntp/custom_links_edit.js
View file @ 0bb60b09
...@@ -134,9 +134,9 @@ function finishEditLink() { ...@@ -134,9 +134,9 @@ function finishEditLink() {
if (urlValue != prepopulatedLink.url) { if (urlValue != prepopulatedLink.url) {
newUrl = chrome.embeddedSearch.newTabPage.fixupAndValidateUrl(urlValue); newUrl = chrome.embeddedSearch.newTabPage.fixupAndValidateUrl(urlValue);
// Show error message for invalid urls. // Show error message for invalid urls.
if (!newUrl) { if (!newUrl || (newUrl && !utils.isSchemeAllowed(newUrl))) {
showInvalidUrlUntilTextInput(); showInvalidUrlUntilTextInput();
disableSubmitUntilTextInput(); $(IDS.DONE).disabled = true; // Disable submit until text input.
return; return;
} }
} }
......
chrome/browser/resources/local_ntp/most_visited_single.js
View file @ 0bb60b09
...@@ -648,16 +648,6 @@ function setupReorder(tile) { ...@@ -648,16 +648,6 @@ function setupReorder(tile) {
} }
/**
* Returns whether the given URL has a known, safe scheme.
* @param {string} url URL to check.
*/
var isSchemeAllowed = function(url) {
return url.startsWith('http://') || url.startsWith('https://') ||
url.startsWith('ftp://') || url.startsWith('chrome-extension://');
};
/** /**
* Renders a MostVisited tile to the DOM. * Renders a MostVisited tile to the DOM.
* @param {object} data Object containing rid, url, title, favicon, thumbnail, * @param {object} data Object containing rid, url, title, favicon, thumbnail,
...@@ -695,7 +685,7 @@ var renderMostVisitedTile = function(data) { ...@@ -695,7 +685,7 @@ var renderMostVisitedTile = function(data) {
tile.className = 'mv-tile'; tile.className = 'mv-tile';
tile.setAttribute('data-tid', data.tid); tile.setAttribute('data-tid', data.tid);
if (isSchemeAllowed(data.url)) { if (utils.isSchemeAllowed(data.url)) {
tile.href = data.url; tile.href = data.url;
} }
tile.setAttribute('aria-label', data.title); tile.setAttribute('aria-label', data.title);
...@@ -852,7 +842,7 @@ function renderMaterialDesignTile(data) { ...@@ -852,7 +842,7 @@ function renderMaterialDesignTile(data) {
mdTile.tabIndex = 0; mdTile.tabIndex = 0;
mdTile.setAttribute('data-tid', data.tid); mdTile.setAttribute('data-tid', data.tid);
mdTile.setAttribute('data-pos', position); mdTile.setAttribute('data-pos', position);
if (isSchemeAllowed(data.url)) { if (utils.isSchemeAllowed(data.url)) {
mdTile.href = data.url; mdTile.href = data.url;
} }
mdTile.setAttribute('aria-label', data.title); mdTile.setAttribute('aria-label', data.title);
......
chrome/browser/resources/local_ntp/utils.js
View file @ 0bb60b09
...@@ -32,3 +32,13 @@ utils.disableOutlineOnMouseClick = function(element) { ...@@ -32,3 +32,13 @@ utils.disableOutlineOnMouseClick = function(element) {
}, {once: true}); }, {once: true});
}); });
}; };
/**
* Returns whether the given URL has a known, safe scheme.
* @param {string} url URL to check.
*/
utils.isSchemeAllowed = function(url) {
return url.startsWith('http://') || url.startsWith('https://') ||
url.startsWith('ftp://') || url.startsWith('chrome-extension://');
};
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment