Merge branch 'whitelist-more-protocols'

tollmanz · May 16, 2016 · d25d196 · d25d196
2 parents 0cb4187 + e617fcb
commit d25d196
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 2 deletions.
diff --git a/lib/sanitize/blockedURI.js b/lib/sanitize/blockedURI.js
@@ -12,12 +12,37 @@ var validator = require('validator');
  * @returns {boolean}                  Whether or not the value is allowed.
  */
 function isSpecialCase(blockedURI) {
+  var result = false;
   var specialCases = [
     'about',
-    'about:blank'
+    'about:blank',
+    'android-webview',
+    'android-webview-video-poster',
+    'ms-appx-web://',
+    'chrome-extension://',
+    'safari-extension://',
+    'mxjscall://',
+    'webviewprogressproxy://',
+    'res://',
+    'mx://',
+    'safari-resource://',
+    'chromenull://',
+    'chromeinvoke://',
+    'chromeinvokeimmediate://',
+    'mbinit://',
+    'opera://',
+    'localhost',
+    '127.0.0.1',
+    'none://'
   ];
 
-  return (specialCases.indexOf(blockedURI.trim()) >= 0);
+  specialCases.forEach(function(specialCase) {
+    if (specialCase.indexOf(blockedURI.trim()) === 0) {
+      result = true;
+    }
+  });
+
+  return result;
 }
 
 /**

diff --git a/test/lib/sanitize/blockedURI.js b/test/lib/sanitize/blockedURI.js
@@ -68,6 +68,12 @@ suite(__dirname.split('/').pop(), function() {
         assert.equal(isSpecialCase(' about:blank '), true);
         assert.equal(isSpecialCase('about:blank '), true);
         assert.equal(isSpecialCase('    about:blank     '), true);
+
+        assert.equal(isSpecialCase('chromenull://'), true);
+        assert.equal(isSpecialCase(' chromenull://'), true);
+        assert.equal(isSpecialCase(' chromenull:// '), true);
+        assert.equal(isSpecialCase('chromenull:// '), true);
+        assert.equal(isSpecialCase('    chromenull://     '), true);
       });
     });
   });