refactor(client,server): support for URL schemes

2025-09-01 04:12:58 +08:00 · 2025-02-11 22:14:44 +02:00 · 2025-02-11 22:14:44 +02:00 · 4d0969da0a
commit 4d0969da0a
parent f517e4a37a
4 changed files with 24 additions and 108 deletions
--- a/src/public/app/services/link.ts
+++ b/src/public/app/services/link.ts
@ -4,6 +4,15 @@ import appContext, { type NoteCommandData } from "../components/app_context.js";
 import froca from "./froca.js";
 import utils from "./utils.js";

+// Be consistent with `allowedSchemes` in `src\services\html_sanitizer.ts`
+// TODO: Deduplicate with server once we can.
+export const ALLOWED_PROTOCOLS = [
+    'http', 'https', 'ftp', 'ftps', 'mailto', 'data', 'evernote', 'file', 'facetime', 'gemini', 'git',
+    'gopher', 'imap', 'irc', 'irc6', 'jabber', 'jar', 'lastfm', 'ldap', 'ldaps', 'magnet', 'message',
+    'mumble', 'nfs', 'onenote', 'pop', 'rmi', 's3', 'sftp', 'skype', 'sms', 'spotify', 'steam', 'svn', 'udp',
+    'view-source', 'vlc', 'vnc', 'ws', 'wss', 'xmpp', 'jdbc', 'slack', 'tel', 'smb', 'zotero', 'geo'
+];
+
 function getNotePathFromUrl(url: string) {
    const notePathMatch = /#(root[A-Za-z0-9_/]*)$/.exec(url);

@ -296,58 +305,7 @@ function goToLinkExt(evt: MouseEvent | JQuery.ClickEvent | JQuery.MouseDownEvent
                electron.shell.openPath(hrefLink);
            } else {
                // Enable protocols supported by CKEditor 5 to be clickable.
-                // Refer to `allowedProtocols` in https://github.com/TriliumNext/trilium-ckeditor5/blob/main/packages/ckeditor5-build-balloon-block/src/ckeditor.ts.
-                // And be consistent with `allowedSchemes` in `src\services\html_sanitizer.ts`
-                const allowedSchemes = [
-                    "http",
-                    "https",
-                    "ftp",
-                    "ftps",
-                    "mailto",
-                    "data",
-                    "evernote",
-                    "file",
-                    "facetime",
-                    "gemini",
-                    "git",
-                    "gopher",
-                    "imap",
-                    "irc",
-                    "irc6",
-                    "jabber",
-                    "jar",
-                    "lastfm",
-                    "ldap",
-                    "ldaps",
-                    "magnet",
-                    "message",
-                    "mumble",
-                    "nfs",
-                    "onenote",
-                    "pop",
-                    "rmi",
-                    "s3",
-                    "sftp",
-                    "skype",
-                    "sms",
-                    "spotify",
-                    "steam",
-                    "svn",
-                    "udp",
-                    "view-source",
-                    "vlc",
-                    "vnc",
-                    "ws",
-                    "wss",
-                    "xmpp",
-                    "jdbc",
-                    "slack",
-                    "tel",
-                    "smb",
-                    "zotero",
-                    "geo"
-                ];
-                if (allowedSchemes.some((protocol) => hrefLink.toLowerCase().startsWith(protocol + ":"))) {
+                if (ALLOWED_PROTOCOLS.some((protocol) => hrefLink.toLowerCase().startsWith(protocol + ":"))) {
                    window.open(hrefLink, "_blank");
                }
            }
--- a/src/public/app/widgets/type_widgets/ckeditor/toolbars.ts
+++ b/src/public/app/widgets/type_widgets/ckeditor/toolbars.ts
@ -1,3 +1,4 @@
+import { ALLOWED_PROTOCOLS } from "../../../services/link.js";
 import options from "../../../services/options.js";
 import utils from "../../../services/utils.js";

@ -101,12 +102,7 @@ export function buildConfig() {
        },
        link: {
            defaultProtocol: 'https://',
-            allowedProtocols: [
-                'http', 'https', 'ftp', 'ftps', 'mailto', 'data', 'evernote', 'file', 'facetime', 'gemini', 'git',
-                'gopher', 'imap', 'irc', 'irc6', 'jabber', 'jar', 'lastfm', 'ldap', 'ldaps', 'magnet', 'message',
-                'mumble', 'nfs', 'onenote', 'pop', 'rmi', 's3', 'sftp', 'skype', 'sms', 'spotify', 'steam', 'svn', 'udp',
-                'view-source', 'vlc', 'vnc', 'ws', 'wss', 'xmpp', 'jdbc', 'slack', 'tel', 'smb', 'zotero', 'geo'
-              ]
+            allowedProtocols: ALLOWED_PROTOCOLS
        },
        // This value must be kept in sync with the language defined in webpack.config.js.
        language: 'en'
--- a/src/services/html_sanitizer.ts
+++ b/src/services/html_sanitizer.ts
@ -2,6 +2,15 @@ import sanitizeHtml from "sanitize-html";
 import sanitizeUrl from "@braintree/sanitize-url";
 import optionService from "./options.js";

+// Be consistent with `ALLOWED_PROTOCOLS` in `src\public\app\services\link.js`
+// TODO: Deduplicate with client once we can.
+export const ALLOWED_PROTOCOLS = [
+    'http', 'https', 'ftp', 'ftps', 'mailto', 'data', 'evernote', 'file', 'facetime', 'gemini', 'git',
+    'gopher', 'imap', 'irc', 'irc6', 'jabber', 'jar', 'lastfm', 'ldap', 'ldaps', 'magnet', 'message',
+    'mumble', 'nfs', 'onenote', 'pop', 'rmi', 's3', 'sftp', 'skype', 'sms', 'spotify', 'steam', 'svn', 'udp',
+    'view-source', 'vlc', 'vnc', 'ws', 'wss', 'xmpp', 'jdbc', 'slack', 'tel', 'smb', 'zotero', 'geo'
+];
+
 // Default list of allowed HTML tags
 export const DEFAULT_ALLOWED_TAGS = [
    "h1",
@ -138,56 +147,7 @@ function sanitize(dirtyHtml: string) {
            "*": ["class", "style", "title", "src", "href", "hash", "disabled", "align", "alt", "center", "data-*"],
            input: ["type", "checked"]
        },
-        // Be consistent with `allowedSchemes` in `src\public\app\services\link.js`
-        allowedSchemes: [
-            "http",
-            "https",
-            "ftp",
-            "ftps",
-            "mailto",
-            "data",
-            "evernote",
-            "file",
-            "facetime",
-            "gemini",
-            "git",
-            "gopher",
-            "imap",
-            "irc",
-            "irc6",
-            "jabber",
-            "jar",
-            "lastfm",
-            "ldap",
-            "ldaps",
-            "magnet",
-            "message",
-            "mumble",
-            "nfs",
-            "onenote",
-            "pop",
-            "rmi",
-            "s3",
-            "sftp",
-            "skype",
-            "sms",
-            "spotify",
-            "steam",
-            "svn",
-            "udp",
-            "view-source",
-            "vlc",
-            "vnc",
-            "ws",
-            "wss",
-            "xmpp",
-            "jdbc",
-            "slack",
-            "tel",
-            "smb",
-            "zotero",
-            "geo"
-        ],
+        allowedSchemes: ALLOWED_PROTOCOLS,
        nonTextTags: ["head"],
        transformTags
    });
--- a/src/services/import/zip.ts
+++ b/src/services/import/zip.ts
@ -302,7 +302,9 @@ async function importZip(taskContext: TaskContext, fileBuffer: Buffer, importRoo
        });

        if (taskContext.data?.safeImport) {
+            console.log("Before", content);
            content = htmlSanitizer.sanitize(content);
+            console.log("After", content);
        }

        content = content.replace(/<html.*<body[^>]*>/gis, "");