don't make good urls with "@" in them mailto links

closes CNVS-14427 Stops bad behavior for big links from google maps and such that have "@" in the middle of them, but really aren't email addresses. Also extracts this transformation into a function in the new "editor_box_utils" module, which will henceforth hold all functions like this that are extracted from tinymce.editor_box for better (read: "any") unit testing. TEST PLAN: - Create a wiki page in your course and name it and type some text in the body. - Highlight the text you added to the body of the message and then click on the "Link to URL" button from the content editor bar and specify a - url with an "at" symbol in it such as the one below to link to. https://www.google.com/maps/place/331+E+Winchester+St,+Murray,+UT+84107/@40.633021,-111.880836,17z/data=!3m1!4b1!4m2!3m1!1s0x875289b8a03ae74d:0x2e83de307059e47d - Click on insert link and create the page - CHECK THE SOURCE AND MAKE SURE IT HASN'T BECOME A MAILTO LINK! Change-Id: I27ac9387cfe7b80a5d293b14f4c3491a77b1e267 Reviewed-on: https://gerrit.instructure.com/50272 Tested-by: Jenkins Reviewed-by: Ryan Shaw <ryan@instructure.com> QA-Review: August Thornton <august@instructure.com> Product-Review: Ethan Vizitei <evizitei@instructure.com>
instructure · Mar 16, 2015 · 57e333c · 57e333c
1 parent 9f0448b
commit 57e333c
Show file tree

Hide file tree

Showing 3 changed files with 71 additions and 10 deletions.
diff --git a/public/javascripts/tinymce.editor_box.js b/public/javascripts/tinymce.editor_box.js
@@ -38,6 +38,7 @@ define([
   'tinymce.editor_box_list',
   'tinymce.config',
   'tinymce.commands',
+  'tinymce.editor_box_utils',
   //'compiled/tinymce', // required, but the bundles that ACTUALLY use
                         // tiny can require it themselves or else we have
                         // build problems
@@ -48,7 +49,7 @@ define([
   'vendor/jquery.ba-tinypubsub'
 ], function(I18nObj, $,
             EditorAccessibility, EditorBoxList, EditorConfig, EditorCommands,
-            INST) {
+            Utils, INST) {
 
   var enableBookmarking = !!INST.browser.ie;
   $(document).ready(function() {
@@ -476,22 +477,14 @@ define([
       options = {url: options};
     }
     var title = options.title;
-    var url = options.url || "";
-    if(url.match(/@/) && !url.match(/\//) && !url.match(/^mailto:/)) {
-      url = "mailto:" + url;
-    } else if(!url.match(/^\w+:\/\//) && !url.match(/^mailto:/) && !url.match(/^\//)) {
-      url = "http://" + url;
-    }
+    var url = Utils.cleanUrl(options.url || "");
     var classes = options.classes || "";
     var defaultText = options.text || options.title || "Link";
     var target = options.target || null;
     var id = $(this).attr('id');
     if(url.indexOf("@") != -1) {
       options.file = false;
       options.image = false;
-      if(url.indexOf("mailto:") != 0) {
-        url = "mailto:" + url;
-      }
     } else if (url.indexOf("/") == -1) {
       title = url;
       url = url.replace(/\s/g, "");

diff --git a/public/javascripts/tinymce.editor_box_utils.js b/public/javascripts/tinymce.editor_box_utils.js
@@ -0,0 +1,45 @@
+define([], function(){
+
+  /**
+   * A collection of functions that extract business logic
+   * from the sphaghetti that is tinymce.editor_box.js
+   *
+   * They're all exported as self contained functions that hang off this
+   * namespace with no global state
+   * in this module because that's what has been really hurting debugging
+   * efforts around tinymce issues in the past.
+   *
+   * functions in this module SHOULD NOT have side effects,
+   * but should be focused around providing necessary data
+   * or dom transformations with no state in this file.
+   * @exports
+   */
+  var editorboxUtils = {
+
+    /**
+     * transforms an input url to make a link out of
+     * into a correctly formed url.  If it's clearly a mailing link,
+     * adds mailto: to the front, and if it has no protocol but isn't an
+     * absolute path, it prepends "http://".
+     *
+     * @param {string} input the raw url representative input by a user
+     *
+     * @returns {string} a well formed url
+     */
+    cleanUrl: function(input){
+      var url = input;
+      if(input.match(/@/) && !input.match(/\//) && !input.match(/^mailto:/)) {
+        url = "mailto:" + input;
+      } else if(!input.match(/^\w+:\/\//) && !input.match(/^mailto:/) && !input.match(/^\//)) {
+        url = "http://" + input;
+      }
+
+      if(url.indexOf("@") != -1 && url.indexOf("mailto:") != 0 && !url.match(/^http/)) {
+        url = "mailto:" + url;
+      }
+      return url;
+    }
+  };
+
+  return editorboxUtils;
+});
diff --git a/spec/coffeescripts/TinymceEditorboxUtilsSpec.coffee b/spec/coffeescripts/TinymceEditorboxUtilsSpec.coffee
@@ -0,0 +1,23 @@
+define ['tinymce.editor_box_utils'], (Utils)->
+  module "Tinymce Utils #cleanUrl", ->
+    setup: ->
+    teardown: ->
+
+  test "it doesnt hurt a good url", ->
+    url = "http://www.google.com"
+    output = Utils.cleanUrl(url)
+    equal(output, url)
+
+  test "it turns email addresses into mailto links", ->
+    output = Utils.cleanUrl("ethan@instructure.com")
+    equal(output, "mailto:ethan@instructure.com")
+
+  test "adding a protocol to unprotocoled addresses", ->
+    input = "www.example.com"
+    output = Utils.cleanUrl(input)
+    equal(output, "http://#{input}")
+
+  test "doesnt mailto links with @ in them", ->
+    input = "https://www.google.com/maps/place/331+E+Winchester+St,+Murray,+UT+84107/@40.633021,-111.880836,17z/data=!3m1!4b1!4m2!3m1!1s0x875289b8a03ae74d:0x2e83de307059e47d"
+    output = Utils.cleanUrl(input)
+    equal(output, input)