@lvce-editor/extension-detail-view 5.3.0 → 5.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -4546,12 +4546,28 @@ const getMarketplaceEntries = isBuiltin => {
|
|
|
4546
4546
|
}];
|
|
4547
4547
|
};
|
|
4548
4548
|
|
|
4549
|
-
const
|
|
4549
|
+
const getRepositoryLinkRaw = extension => {
|
|
4550
4550
|
if (extension && hasProperty(extension, 'repository') && typeof extension.repository === 'string') {
|
|
4551
4551
|
return extension.repository; // TODO watch out for javascript: or other invalid links or path traversal
|
|
4552
4552
|
}
|
|
4553
4553
|
return '';
|
|
4554
4554
|
};
|
|
4555
|
+
const ensureValidLink = link => {
|
|
4556
|
+
if (!link) {
|
|
4557
|
+
return '';
|
|
4558
|
+
}
|
|
4559
|
+
const parsed = new URL(link);
|
|
4560
|
+
if (parsed.protocol !== 'https:') {
|
|
4561
|
+
return '';
|
|
4562
|
+
}
|
|
4563
|
+
return link;
|
|
4564
|
+
};
|
|
4565
|
+
const getRepositoryLink = extension => {
|
|
4566
|
+
const raw = getRepositoryLinkRaw(extension);
|
|
4567
|
+
const validLink = ensureValidLink(raw);
|
|
4568
|
+
return validLink;
|
|
4569
|
+
};
|
|
4570
|
+
|
|
4555
4571
|
const getResources = (isBuiltin, extension) => {
|
|
4556
4572
|
if (isBuiltin) {
|
|
4557
4573
|
return [];
|
|
@@ -4563,10 +4579,10 @@ const getResources = (isBuiltin, extension) => {
|
|
|
4563
4579
|
url: '#'
|
|
4564
4580
|
}, {
|
|
4565
4581
|
label: issues(),
|
|
4566
|
-
url:
|
|
4582
|
+
url: '#'
|
|
4567
4583
|
}, {
|
|
4568
4584
|
label: repository(),
|
|
4569
|
-
url:
|
|
4585
|
+
url: repositoryLink
|
|
4570
4586
|
}, {
|
|
4571
4587
|
label: license(),
|
|
4572
4588
|
url: '#'
|