[ADVAPP-309]: Link protection enhancement for realtime chat #526

Merged
merged 5 commits into from
Feb 15, 2024

dgoetzit
Contributor

Ticket(s) or GitHub Issue

Technical Description

This PR adds "link protection" in Realtime chat via a new SafeLink extension.

Types of changes

What types of changes does your code introduce? Put an x in all the boxes that apply:

  • New feature (non-breaking change which adds functionality)

Screenshots (if appropriate)

Any deployment steps required?

  • No

Before contributing and submitting this PR, make sure you have:

  • Read the contributing guidelines.
  • Titled the PR with the ticket/issue number and a short description of the changes made. Or, if no ticket/issue exists, titled the PR with a short description of the changes made.
  • Linked a relevant ticket or issue, or described the issue/feature which this PR resolves/implements.
  • Resolved all conflicts, if any.
  • Rebased your branch PR on top of the latest upstream main branch.

@dgoetzit dgoetzit requested a review from a team February 13, 2024 14:06
@dgoetzit dgoetzit self-assigned this Feb 13, 2024
sonarqubecloud bot commented Feb 13, 2024

Quality Gate passed

Issues
0 New issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

Collaborator

@Orrison Orrison left a comment

Just one question about the UX of a detected javascript href link.

Also, there is a security flag in SonarCloud for that line as well. I believe based on the context that is a false flag. If you agree, feel free to review the items in SonarCloud once logged in and mark it as "Safe" with a comment explaining why. I assume because it is not actually a javascript: link like it is falsely detecting, but a pattern detecting one.

@Orrison Orrison requested a review from danharrin February 13, 2024 14:19
Collaborator

Orrison commented Feb 13, 2024

@danharrin since you are most familiar with TipTap plugins, if you wouldn't mind giving this a review as well.

Contributor

@danharrin danharrin left a comment

Great implementation!

@Orrison Orrison merged commit 1a77d7a into main Feb 15, 2024
7 checks passed
@Orrison Orrison deleted the feature/ADVAPP-309-link-protection branch February 15, 2024 18:46

4 participants