Bug 1527701 - Use SafeAnchor in navigation and message component. r=Mardak a=lizzard
authork88hudson <k88hudson@gmail.com>
Sat, 16 Feb 2019 00:50:35 +0200
changeset 515997 5a8c8df8a7a74d1c04fe52c728429dde5a531db9
parent 515996 d2aa4c02f9b20472e75f0a68e612e1a353e56692
child 515998 72498207a0698c24cf368c2ad7b9f97386ef2cc7
push id1953
push userffxbld-merge
push dateMon, 11 Mar 2019 12:10:20 +0000
treeherdermozilla-release@9c35dcbaa899 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersMardak, lizzard
bugs1527701
milestone66.0
Bug 1527701 - Use SafeAnchor in navigation and message component. r=Mardak a=lizzard Reviewers: Mardak Reviewed By: Mardak Bug #: 1527701 Differential Revision: https://phabricator.services.mozilla.com/D20007
browser/components/newtab/content-src/components/DiscoveryStreamComponents/DSMessage/DSMessage.jsx
browser/components/newtab/content-src/components/DiscoveryStreamComponents/Navigation/Navigation.jsx
browser/components/newtab/content-src/components/DiscoveryStreamComponents/SafeAnchor/SafeAnchor.jsx
browser/components/newtab/data/content/activity-stream.bundle.js
--- a/browser/components/newtab/content-src/components/DiscoveryStreamComponents/DSMessage/DSMessage.jsx
+++ b/browser/components/newtab/content-src/components/DiscoveryStreamComponents/DSMessage/DSMessage.jsx
@@ -1,9 +1,10 @@
 import React from "react";
+import {SafeAnchor} from "../SafeAnchor/SafeAnchor";
 
 export class DSMessage extends React.PureComponent {
   render() {
     let hasSubtitleAndOrLink = this.props.link_text && this.props.link_url;
     hasSubtitleAndOrLink = hasSubtitleAndOrLink || this.props.subtitle;
 
     return (
       <div className="ds-message">
@@ -11,16 +12,16 @@ export class DSMessage extends React.Pur
           <header className="title">
             {this.props.icon && (<img src={this.props.icon} />)}
             <span>{this.props.title}</span>
           </header>
         )}
         { hasSubtitleAndOrLink && (
           <p className="subtitle">
             {this.props.subtitle && (<span>{this.props.subtitle}</span>)}
-            {this.props.link_text && this.props.link_url && (<a href={this.props.link_url}>{this.props.link_text}</a>)}
+            {this.props.link_text && this.props.link_url && (<SafeAnchor url={this.props.link_url}>{this.props.link_text}</SafeAnchor>)}
           </p>
         )}
         <hr className="ds-hr" />
       </div>
     );
   }
 }
--- a/browser/components/newtab/content-src/components/DiscoveryStreamComponents/Navigation/Navigation.jsx
+++ b/browser/components/newtab/content-src/components/DiscoveryStreamComponents/Navigation/Navigation.jsx
@@ -1,14 +1,15 @@
 import React from "react";
+import {SafeAnchor} from "../SafeAnchor/SafeAnchor";
 
 export class Topic extends React.PureComponent {
   render() {
     const {url, name} = this.props;
-    return (<li><a key={name} href={url}>{name}</a></li>);
+    return (<li><SafeAnchor key={name} url={url}>{name}</SafeAnchor></li>);
   }
 }
 
 export class Navigation extends React.PureComponent {
   render() {
     const {links} = this.props || [];
     const {alignment} = this.props || "centered";
     const header = this.props.header || {};
--- a/browser/components/newtab/content-src/components/DiscoveryStreamComponents/SafeAnchor/SafeAnchor.jsx
+++ b/browser/components/newtab/content-src/components/DiscoveryStreamComponents/SafeAnchor/SafeAnchor.jsx
@@ -7,17 +7,17 @@ export class SafeAnchor extends React.Pu
       protocol = new URL(url).protocol;
     } catch (e) { return ""; }
 
     const isAllowed = [
       "http:",
       "https:",
     ].includes(protocol);
     if (!isAllowed) {
-      console.warn(`${protocol} is not allowed for anchor targets.`); // eslint-disable-line no-console
+      console.warn(`${url} is not allowed for anchor targets.`); // eslint-disable-line no-console
       return "";
     }
     return url;
   }
 
   render() {
     const {url, className, onLinkClick} = this.props;
     return (
--- a/browser/components/newtab/data/content/activity-stream.bundle.js
+++ b/browser/components/newtab/data/content/activity-stream.bundle.js
@@ -7123,17 +7123,17 @@ class SafeAnchor_SafeAnchor extends exte
     try {
       protocol = new URL(url).protocol;
     } catch (e) {
       return "";
     }
 
     const isAllowed = ["http:", "https:"].includes(protocol);
     if (!isAllowed) {
-      console.warn(`${protocol} is not allowed for anchor targets.`); // eslint-disable-line no-console
+      console.warn(`${url} is not allowed for anchor targets.`); // eslint-disable-line no-console
       return "";
     }
     return url;
   }
 
   render() {
     const { url, className, onLinkClick } = this.props;
     return external_React_default.a.createElement(
@@ -7285,16 +7285,17 @@ CardGrid_CardGrid.defaultProps = {
   items: 4 // Number of stories to display
 };
 // EXTERNAL MODULE: external "ReactRedux"
 var external_ReactRedux_ = __webpack_require__(24);
 
 // CONCATENATED MODULE: ./content-src/components/DiscoveryStreamComponents/DSMessage/DSMessage.jsx
 
 
+
 class DSMessage_DSMessage extends external_React_default.a.PureComponent {
   render() {
     let hasSubtitleAndOrLink = this.props.link_text && this.props.link_url;
     hasSubtitleAndOrLink = hasSubtitleAndOrLink || this.props.subtitle;
 
     return external_React_default.a.createElement(
       "div",
       { className: "ds-message" },
@@ -7312,18 +7313,18 @@ class DSMessage_DSMessage extends extern
         "p",
         { className: "subtitle" },
         this.props.subtitle && external_React_default.a.createElement(
           "span",
           null,
           this.props.subtitle
         ),
         this.props.link_text && this.props.link_url && external_React_default.a.createElement(
-          "a",
-          { href: this.props.link_url },
+          SafeAnchor_SafeAnchor,
+          { url: this.props.link_url },
           this.props.link_text
         )
       ),
       external_React_default.a.createElement("hr", { className: "ds-hr" })
     );
   }
 }
 // CONCATENATED MODULE: ./content-src/components/DiscoveryStreamComponents/List/List.jsx
@@ -7591,25 +7592,26 @@ class HorizontalRule_HorizontalRule exte
   }
 }
 // EXTERNAL MODULE: ./content-src/components/DiscoveryStreamImpressionStats/ImpressionStats.jsx
 var ImpressionStats = __webpack_require__(30);
 
 // CONCATENATED MODULE: ./content-src/components/DiscoveryStreamComponents/Navigation/Navigation.jsx
 
 
+
 class Navigation_Topic extends external_React_default.a.PureComponent {
   render() {
     const { url, name } = this.props;
     return external_React_default.a.createElement(
       "li",
       null,
       external_React_default.a.createElement(
-        "a",
-        { key: name, href: url },
+        SafeAnchor_SafeAnchor,
+        { key: name, url: url },
         name
       )
     );
   }
 }
 
 class Navigation_Navigation extends external_React_default.a.PureComponent {
   render() {