@chat21/chat21-web-widget 5.1.0-rc8 → 5.1.0-rc9

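--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -6,6 +6,9 @@
  ### **Copyrigth**:
  *Tiledesk SRL*
 
+ # 5.1.0-rc.9
+ - **bug-fixed**: minor fix allowed urls
+
  # 5.1.0-rc.8
  - **added**: ability to filter on urls attached to message textarea
 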
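--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
  {
  "name": "@chat21/chat21-web-widget",
  "author": "Tiledesk SRL",
- "version": "5.1.0-rc8",
+ "version": "5.1.0-rc9",
  "license": "MIT",
  "homepage": "https://www.tiledesk.com",
  "repository": {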
@@ -210,42 +210,80 @@ export function isEmoji(str: string) {
210
210
  }
211
211
  }
212
212
 
213
- export function isAllowedUrlInText(text: string, allowedUrls: string[]): boolean {
214
- // Regex per trovare URL o domini nudi nel testo
215
- const urlRegex = /https?:\/\/[^\s]+|www\.[^\s]+|(?:\b[\w-]+\.)+[a-z]{2,}(\/[^\s]*)?/gi;
216
- const foundUrls = text.match(urlRegex);
213
+ // export function isAllowedUrlInText(text: string, allowedUrls: string[]): boolean {
214
+ // // Regex per trovare URL o domini nudi nel testo
215
+ // const urlRegex = /https?:\/\/[^\s]+|www\.[^\s]+|(?:\b[\w-]+\.)+[a-z]{2,}(\/[^\s]*)?/gi;
216
+ // const foundUrls = text.match(urlRegex);
217
217
 
218
- if (!foundUrls) {
219
- return true; // Nessun URL => testo ammesso
220
- }
218
+ // if (!foundUrls) {
219
+ // return true; // Nessun URL => testo ammesso
220
+ // }
221
221
 
222
- // Normalizza dominio: rimuove schema, www., slash finali
223
- const normalize = (url: string) =>
224
- url
225
- .replace(/^https?:\/\//i, '')
226
- .replace(/^www\./i, '')
227
- .replace(/\/$/, '')
228
- .toLowerCase();
229
-
230
- // Normalizza tutti gli allowed pattern per confronto
231
- const normalizedAllowedPatterns = allowedUrls.map(pattern =>
232
- pattern
233
- .replace(/^https?:\/\//i, '')
234
- .replace(/^www\./i, '')
235
- .replace(/\/$/, '')
236
- .toLowerCase()
237
- .replace(/\./g, '\\.')
238
- .replace(/\//g, '\\/')
239
- .replace(/\*/g, '.*')
240
- );
241
-
242
- return foundUrls.every(rawUrl => {
243
- const url = normalize(rawUrl);
244
- return normalizedAllowedPatterns.some(pattern => {
245
- const regex = new RegExp(`^${pattern}$`, 'i');
246
- return regex.test(url);
247
- });
222
+ // // Normalizza dominio: rimuove schema, www., slash finali
223
+ // const normalize = (url: string) =>
224
+ // url
225
+ // .replace(/^https?:\/\//i, '')
226
+ // .replace(/^www\./i, '')
227
+ // .replace(/\/$/, '')
228
+ // .toLowerCase();
229
+
230
+ // // Normalizza tutti gli allowed pattern per confronto
231
+ // const normalizedAllowedPatterns = allowedUrls.map(pattern =>
232
+ // pattern
233
+ // .replace(/^https?:\/\//i, '')
234
+ // .replace(/^www\./i, '')
235
+ // .replace(/\/$/, '')
236
+ // .toLowerCase()
237
+ // .replace(/\./g, '\\.')
238
+ // .replace(/\//g, '\\/')
239
+ // .replace(/\*/g, '.*')
240
+ // );
241
+
242
+ // return foundUrls.every(rawUrl => {
243
+ // const url = normalize(rawUrl);
244
+ // return normalizedAllowedPatterns.some(pattern => {
245
+ // const regex = new RegExp(`^${pattern}$`, 'i');
246
+ // return regex.test(url);
247
+ // });
248
+ // });
249
+ // }
250
+
251
+ export function isAllowedUrlInText(text: string, allowedUrls: string[]){
252
+ const urlsInMessage = extractUrls(text);
253
+ console.log('urlsInMessage ++++ :', urlsInMessage);
254
+
255
+ // Normalize the list of allowed domains by extracting only the hostnames
256
+ const allowedHostnames = allowedUrls.map(url => {
257
+ try {
258
+ return new URL(url).hostname.toLowerCase();
259
+ } catch {
260
+ // Se è un dominio "nudo", come 'tiledesk.com'
261
+ return url.toLowerCase();
262
+ }
263
+ });
264
+
265
+ const nonWhitelistedDomains = urlsInMessage.filter((url) => {
266
+ try {
267
+ const domain = new URL(url).hostname.toLowerCase();
268
+ return !allowedHostnames.includes(domain);
269
+ } catch (e) {
270
+ // Ignore invalid URLs
271
+ return true;
272
+ }
248
273
  });
274
+
275
+ if (nonWhitelistedDomains.length > 0) {
276
+ console.warn('Message blocked: Non-whitelisted domain(s):', nonWhitelistedDomains);
277
+ // this.domainWarning = true; // <-- display a warning
278
+ return false;
279
+ }
280
+ return true
281
+
282
+ }
283
+
284
+ function extractUrls(text: string): string[] {
285
+ const urlRegex = /https?:\/\/[^\s]+/g;
286
+ return text.match(urlRegex) || [];
249
287
  }
250
288
 
251
289
  export function setColorFromString(str: string) {
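Review bot: `extractUrls` matches only a lower-case `http://` or `https://` prefix, so text containing a `www.` link, a bare domain or an upper-case scheme yields no extracted URLs and `isAllowedUrlInText` returns true for it, although the removed regex caught the first two forms. If the narrowing was meant to stop false positives on bare words, the filter should still keep the `www.` form and ignore scheme case, e.g. `const urlRegex = /(?:https?:\/\/|www\.)[^\s]+/gi;`, with `https://` prepended to scheme-less matches before `new URL(url)` so they are not rejected as invalid. Allow-list entries are now compared by exact hostname, so entries that relied on the old `*` wildcard, `www.` stripping or a path will stop matching and block legitimate messages; that is worth confirming against deployed configurations. The `console.log('urlsInMessage ++++ :', urlsInMessage)` line writes every URL from the user's message to the browser console and looks like leftover debugging. The commented-out previous implementation could be dropped, and the `: boolean` return annotation restored on the new signature.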