fix: reject dangerous email payloads
Fixes #228
Esya committed Aug 23, 2021
1 parent 04fe142 commit c0a7e48
Showing 2 changed files with 15 additions and 1 deletion.
@@ -21,4 +21,16 @@ describe('<ValidatorMediaInfo />', () => {
const el = screen.queryByRole('link')
expect(el).toBeNull()
})

it('should display an email if the address is valid', () => {
render(<ValidatorMediaInfo mediaInfo={{ email_address: '[email protected]' }} />)
const el = screen.getByRole('link')
expect(el).toHaveAttribute('href', 'mailto:[email protected]')
})

it('should not display the email if the address is dangerous', () => {
render(<ValidatorMediaInfo mediaInfo={{ email_address: '[email protected]?attach=dangerouspayload' }} />)
const el = screen.queryByRole('link')
expect(el).toBeNull()
})
})
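Review bot: The negative case `should not display the email if the address is dangerous` pins a single payload, `?attach=`, so the test does not show that the rule concerns the `?` separator rather than that one header field. Parameterising it, for example `it.each(['?attach=x', '?cc=x', '?bcc=x', '?body=x'])('should not display the email for suffix %s', suffix => { … })`, would document the intent and keep the behaviour pinned if the guard in the component is ever rewritten. A one-line comment such as `// '?' starts the mailto header fields (cc, bcc, body, …), so no link may be rendered` above the case would help too. The `describe` block begins outside the hunk.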
@@ -17,7 +17,9 @@ export const ValidatorMediaInfo = memo((props: Props) => {
const info = props.mediaInfo
return (
<>
{info.email_address && <MediaButton href={`mailto:${info.email_address}`} icon={<MailOption />} />}
{info.email_address && !info.email_address.includes('?') && (
<MediaButton href={`mailto:${info.email_address}`} icon={<MailOption />} />
)}
{info.website_link && isWebUri(info.website_link) && (
<MediaButton href={info.website_link} icon={<Home />} />
)}
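Review bot: The new guard on `info.email_address` is a one-character denylist: it rejects `?`, but any other string is still interpolated into the `mailto:` href, including values with commas (extra recipients), whitespace, percent-escapes, or no `@` at all. This field looks like externally supplied metadata, so an allowlist check is the safer shape, mirroring the `isWebUri` test applied to `website_link` just below. As a sketch, `const isSafeEmail = (s: string) => /^[^\s@?&,;%]+@[^\s@?&,;%]+$/.test(s)` with the condition changed to `{info.email_address && isSafeEmail(info.email_address) && (`. The component body starts and ends outside the hunk.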
