mirrors/signal-desktop
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 2 Wiki Activity Actions

Only process signal domain links if they have hash/path/query

Browse source
This commit is contained in:
Scott Nonnenberg 2022-09-19 13:42:37 -07:00 committed by GitHub
parent 5e9f3d5171
commit 450051e541
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 61 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

5
ts/util/sgnlHref.ts
View file

@ -34,6 +34,8 @@ export function isCaptchaHref(
return Boolean(url?.protocol === 'signalcaptcha:');
}
// A link to a signal 'action' domain with private data in path/hash/query. We could
// open a browser, but it will just link back to us. We will parse it locally instead.
export function isSignalHttpsLink(
value: string | URL,
logger: LoggerType
@ -45,7 +47,8 @@ export function isSignalHttpsLink(
!url.password &&
!url.port &&
url.protocol === 'https:' &&
SIGNAL_HOSTS.has(url.host)
SIGNAL_HOSTS.has(url.host) &&
(url.hash || url.pathname !== '/' || url.search)
);
}