signal-desktop/js/modules/link_previews.js

/* global URL */

const { isNumber, compact, isEmpty } = require('lodash');
const nodeUrl = require('url');
const LinkifyIt = require('linkify-it');

const linkify = LinkifyIt();

module.exports = {
  findLinks,
  getDomain,
  isLinkSafeToPreview,
  isLinkSneaky,
  isStickerPack,
};

function isLinkSafeToPreview(link) {
  let url;
  try {
    url = new URL(link);
  } catch (err) {
    return false;
  }
  return url.protocol === 'https:' && !isLinkSneaky(link);
}

function isStickerPack(link) {
  return (link || '').startsWith('https://signal.art/addstickers/');
}

function findLinks(text, caretLocation) {
  const haveCaretLocation = isNumber(caretLocation);
  const textLength = text ? text.length : 0;

  const matches = linkify.match(text || '') || [];
  return compact(
    matches.map(match => {
      if (!haveCaretLocation) {
        return match.text;
      }

      if (match.lastIndex === textLength && caretLocation === textLength) {
        return match.text;
      }

      if (match.index > caretLocation || match.lastIndex < caretLocation) {
        return match.text;
      }

      return null;
    })
  );
}

function hasAuth(url) {
  try {
    const urlObject = new URL(url);
    return Boolean(urlObject.username);
  } catch (e) {
    return null;
  }
}

function getDomain(url) {
  try {
    const urlObject = new URL(url);
    return urlObject.hostname;
  } catch (error) {
    return null;
  }
}

const ASCII_PATTERN = new RegExp('[\\u0020-\\u007F]', 'g');

function isLinkSneaky(link) {
  // Any links which contain auth are considered sneaky
  if (hasAuth(link)) {
    return true;
  }

  const domain = getDomain(link);
  // If the domain is falsy, something fishy is going on
  if (!domain) {
    return true;
  }

  // To quote [RFC 1034][0]: "the total number of octets that represent a
  //   domain name [...] is limited to 255." To be extra careful, we set a
  //   maximum of 2048. (This also uses the string's `.length` property,
  //   which isn't exactly the same thing as the number of octets.)
  // [0]: https://tools.ietf.org/html/rfc1034
  if (domain.length > 2048) {
    return true;
  }

  // Domains cannot contain encoded characters
  if (domain.includes('%')) {
    return true;
  }

  // There must be at least 2 domain labels, and none of them can be empty.
  const labels = domain.split('.');
  if (labels.length < 2 || labels.some(isEmpty)) {
    return true;
  }

  // This is necesary because getDomain returns domains in punycode form.
  const unicodeDomain = nodeUrl.domainToUnicode
    ? nodeUrl.domainToUnicode(domain)
    : domain;

  const withoutPeriods = unicodeDomain.replace(/\./g, '');

  const hasASCII = ASCII_PATTERN.test(withoutPeriods);
  const withoutASCII = withoutPeriods.replace(ASCII_PATTERN, '');

  const isMixed = hasASCII && withoutASCII.length > 0;
  if (isMixed) {
    return true;
  }

  return false;
}
Link Previews 2019-01-16 03:03:56 +00:00			`/* global URL */`

Improved link verification logic. 2020-08-26 19:47:50 +00:00			`const { isNumber, compact, isEmpty } = require('lodash');`
Update to Electron 4.x 2019-02-21 22:41:17 +00:00			`const nodeUrl = require('url');`
Link Previews 2019-01-16 03:03:56 +00:00			`const LinkifyIt = require('linkify-it');`

			`const linkify = LinkifyIt();`

			`module.exports = {`
			`findLinks,`
			`getDomain,`
Widen the set of link previews which can be received 2020-08-29 01:27:45 +00:00			`isLinkSafeToPreview,`
Improve handling for URLs composed of mixed character sets 2019-02-21 20:28:13 +00:00			`isLinkSneaky,`
Stickers Co-authored-by: scott@signal.org Co-authored-by: ken@signal.org 2019-05-16 22:32:11 +00:00			`isStickerPack,`
Link Previews 2019-01-16 03:03:56 +00:00			`};`

Widen the set of link previews which can be received 2020-08-29 01:27:45 +00:00			`function isLinkSafeToPreview(link) {`
			`let url;`
			`try {`
			`url = new URL(link);`
			`} catch (err) {`
			`return false;`
			`}`
			`return url.protocol === 'https:' && !isLinkSneaky(link);`
			`}`

Stickers Co-authored-by: scott@signal.org Co-authored-by: ken@signal.org 2019-05-16 22:32:11 +00:00			`function isStickerPack(link) {`
Change domain for sharing sticker packs 2019-11-14 00:12:36 +00:00			`return (link \|\| '').startsWith('https://signal.art/addstickers/');`
Stickers Co-authored-by: scott@signal.org Co-authored-by: ken@signal.org 2019-05-16 22:32:11 +00:00			`}`

Fine-tune linkification technique for link previews 2019-02-11 23:10:32 +00:00			`function findLinks(text, caretLocation) {`
			`const haveCaretLocation = isNumber(caretLocation);`
			`const textLength = text ? text.length : 0;`

Link Previews 2019-01-16 03:03:56 +00:00			`const matches = linkify.match(text \|\| '') \|\| [];`
Fine-tune linkification technique for link previews 2019-02-11 23:10:32 +00:00			`return compact(`
			`matches.map(match => {`
			`if (!haveCaretLocation) {`
			`return match.text;`
			`}`

			`if (match.lastIndex === textLength && caretLocation === textLength) {`
			`return match.text;`
			`}`

			`if (match.index > caretLocation \|\| match.lastIndex < caretLocation) {`
			`return match.text;`
			`}`

			`return null;`
			`})`
			`);`
Link Previews 2019-01-16 03:03:56 +00:00			`}`

Linkify URLs containing `@` 2020-04-24 16:57:04 +00:00			`function hasAuth(url) {`
			`try {`
			`const urlObject = new URL(url);`
			`return Boolean(urlObject.username);`
			`} catch (e) {`
			`return null;`
			`}`
			`}`

Link Previews 2019-01-16 03:03:56 +00:00			`function getDomain(url) {`
			`try {`
			`const urlObject = new URL(url);`
			`return urlObject.hostname;`
			`} catch (error) {`
			`return null;`
			`}`
			`}`

Initial move towards new ESLint config supporting TS Co-authored-by: Sidney Keese <sidney@carbonfive.com> 2020-09-01 00:09:28 +00:00			`const ASCII_PATTERN = new RegExp('[\\u0020-\\u007F]', 'g');`
Improve handling for URLs composed of mixed character sets 2019-02-21 20:28:13 +00:00
			`function isLinkSneaky(link) {`
Linkify URLs containing `@` 2020-04-24 16:57:04 +00:00			`// Any links which contain auth are considered sneaky`
			`if (hasAuth(link)) {`
			`return true;`
			`}`

Improve handling for URLs composed of mixed character sets 2019-02-21 20:28:13 +00:00			`const domain = getDomain(link);`
Don't linkify invalid URLs 2020-02-19 21:14:18 +00:00			`// If the domain is falsy, something fishy is going on`
			`if (!domain) {`
			`return true;`
			`}`

Improved link verification logic. 2020-08-26 19:47:50 +00:00			`// To quote [RFC 1034][0]: "the total number of octets that represent a`
			`// domain name [...] is limited to 255." To be extra careful, we set a`
			// maximum of 2048. (This also uses the string's `.length` property,
			`// which isn't exactly the same thing as the number of octets.)`
			`// [0]: https://tools.ietf.org/html/rfc1034`
			`if (domain.length > 2048) {`
			`return true;`
			`}`

Don't linkify invalid URLs 2020-02-19 21:14:18 +00:00			`// Domains cannot contain encoded characters`
			`if (domain.includes('%')) {`
			`return true;`
			`}`
Improve handling for URLs composed of mixed character sets 2019-02-21 20:28:13 +00:00
Improved link verification logic. 2020-08-26 19:47:50 +00:00			`// There must be at least 2 domain labels, and none of them can be empty.`
			`const labels = domain.split('.');`
			`if (labels.length < 2 \|\| labels.some(isEmpty)) {`
			`return true;`
			`}`

Don't linkify invalid URLs 2020-02-19 21:14:18 +00:00			`// This is necesary because getDomain returns domains in punycode form.`
Move left pane entirely to React 2019-01-14 21:49:58 +00:00			`const unicodeDomain = nodeUrl.domainToUnicode`
			`? nodeUrl.domainToUnicode(domain)`
			`: domain;`
Improve handling for URLs composed of mixed character sets 2019-02-21 20:28:13 +00:00
Simplify linkification filter - check for ASCII/non-ASCII only 2019-12-18 19:45:11 +00:00			`const withoutPeriods = unicodeDomain.replace(/\./g, '');`

			`const hasASCII = ASCII_PATTERN.test(withoutPeriods);`
			`const withoutASCII = withoutPeriods.replace(ASCII_PATTERN, '');`

			`const isMixed = hasASCII && withoutASCII.length > 0;`
			`if (isMixed) {`
			`return true;`
Improve handling for URLs composed of mixed character sets 2019-02-21 20:28:13 +00:00			`}`

			`return false;`
			`}`