devexpress-richedit 24.1.6-build-24246-0102 → 24.1.6

package/lib/client/client-rich-edit.js

@@ -53,8 +53,8 @@ export class ClientRichEdit {
         this.rawDataSource = settings.rawDataSource;
         this.contextMenuSettings = settings.contextMenuSettings;
         this.fullScreenHelper = new FullScreenHelper(element);
-        if ("eyJsaWNlbnNlS2V5IjoiZXdvZ0lDSm1iM0p0WVhRaU9pQXhMQW9nSUNKcGJuUmxjbTVoYkZWellXZGxTV1FpT2lBaWExcHBaR1pSWjA1WGEyVkxaVmx6U2tJNFdHcFhaeUlLZlE9PS5mL01XY3Z5bDUyTFJMRWlMaEVyYnF1eW5yQ3FEQjdvZ0U1QVgxcGdpMXduSW9sT1MySFluNjBWeDBTb0VJVVpEUGhIRlBSQkdpSzg2cFA1K0xjMG56dUd6RFpEZkVUUS9CeklldjJoNTYzdWc2SzlKMCswMER0eTlvVW1GU2xvRTl6WTdQZz09In0=")
-            config(JSON.parse(atob("eyJsaWNlbnNlS2V5IjoiZXdvZ0lDSm1iM0p0WVhRaU9pQXhMQW9nSUNKcGJuUmxjbTVoYkZWellXZGxTV1FpT2lBaWExcHBaR1pSWjA1WGEyVkxaVmx6U2tJNFdHcFhaeUlLZlE9PS5mL01XY3Z5bDUyTFJMRWlMaEVyYnF1eW5yQ3FEQjdvZ0U1QVgxcGdpMXduSW9sT1MySFluNjBWeDBTb0VJVVpEUGhIRlBSQkdpSzg2cFA1K0xjMG56dUd6RFpEZkVUUS9CeklldjJoNTYzdWc2SzlKMCswMER0eTlvVW1GU2xvRTl6WTdQZz09In0=")));
+        if ("eyJsaWNlbnNlS2V5IjoiZXdvZ0lDSm1iM0p0WVhRaU9pQXhMQW9nSUNKcGJuUmxjbTVoYkZWellXZGxTV1FpT2lBaWNIQktkR3hUTlRaeU1HRjZNV3R4VldwWFNuTXRaeUlLZlE9PS5GSzV0WCtSUkt0akY2Q2NwaExOa0R2V0RCTHVkb0ZrdTN3LzJEMGMxRVlWMXp4KzJEYURkYnA0MGtPbXpKTnBRMXB0TUpiT1NTUm1JVmJaSU5VejRINDE3ejZMTDF4cDRZdWpyL2hQU3RiZlNodkNJMGFmemN4TzhXL1ZaVUJUR2gyZUh6UT09In0=")
+            config(JSON.parse(atob("eyJsaWNlbnNlS2V5IjoiZXdvZ0lDSm1iM0p0WVhRaU9pQXhMQW9nSUNKcGJuUmxjbTVoYkZWellXZGxTV1FpT2lBaWNIQktkR3hUTlRaeU1HRjZNV3R4VldwWFNuTXRaeUlLZlE9PS5GSzV0WCtSUkt0akY2Q2NwaExOa0R2V0RCTHVkb0ZrdTN3LzJEMGMxRVlWMXp4KzJEYURkYnA0MGtPbXpKTnBRMXB0TUpiT1NTUm1JVmJaSU5VejRINDE3ejZMTDF4cDRZdWpyL2hQU3RiZlNodkNJMGFmemN4TzhXL1ZaVUJUR2gyZUh6UT09In0=")));
         this.prepareElement(element, settings);
         this.initDefaultFontsAndStyles();
         this.initBars(settings.ribbon, settings.fonts);

package/lib/client/i-rich-constructor-settings.d.ts

@@ -80,6 +80,8 @@ export interface IRichEditFieldsSettings {
     defaultDateFormat?: string;
     openHyperlinkOnClick?: boolean;
     keepHyperlinkResultForInvalidReference?: boolean;
+    disableRelativeHyperlinkUri?: boolean;
+    allowedHyperlinkUriProtocols?: string[];
     createHyperlinkTooltip?: (hyperlinkTooltip: string, hint: string) => string;
 }
 export interface IRichEditRangePermissionsSettings {

package/lib/client/public/options.d.ts

@@ -93,6 +93,8 @@ export interface IFieldsSettings {
     defaultDateFormat?: string;
     openHyperlinkOnClick?: boolean;
     keepHyperlinkResultForInvalidReference?: boolean;
+    disableRelativeHyperlinkUri?: boolean;
+    allowedHyperlinkUriProtocols?: string[];
     createHyperlinkTooltip?: (hyperlinkTooltip: string, hint: string) => string;
 }
 export interface IBookmarkSettings {

package/lib/client/settings.js

@@ -146,6 +146,10 @@ export class Settings {
                 result.fields.createHyperlinkTooltip = this.parseEventHandler(settings.fields.createHyperlinkTooltip);
             if (isDefined(settings.fields.keepHyperlinkResultForInvalidReference))
                 result.fields.keepHyperlinkResultForInvalidReference = settings.fields.keepHyperlinkResultForInvalidReference;
+            if (isDefined(settings.fields.disableRelativeHyperlinkUri))
+                result.fields.disableRelativeHyperlinkUri = settings.fields.disableRelativeHyperlinkUri;
+            if (isDefined(settings.fields.allowedHyperlinkUriProtocols))
+                result.fields.allowedHyperlinkUriProtocols = settings.fields.allowedHyperlinkUriProtocols;
         }
     }
     static parsePrintingSettings(settings, result) {

package/lib/common/commands/fields/open-hyperlink-command.js

@@ -4,6 +4,7 @@ import { ReadOnlyMode } from '../../interfaces/i-rich-edit-core';
 import { RichEditClientCommand } from '../client-command';
 import { CommandSimpleOptions } from '../command-base';
 import { HyperlinkCommandBase } from './hyperlink-command-base';
+import { createUrlValidationOptions, isUrlValid } from '../../../common/utils/utils';
 export class OpenHyperlinkCommand extends HyperlinkCommandBase {
     executeCore(state, options) {
         let field;
@@ -27,8 +28,11 @@ export class OpenHyperlinkCommand extends HyperlinkCommandBase {
         if (hyperlinkInfo.anchor)
             this.control.commandManager.getCommand(RichEditClientCommand.GoToBookmark)
                 .execute(this.control.commandManager.isPublicApiCall, new CommandSimpleOptions(this.control, hyperlinkInfo.anchor));
-        else if (!(Url.containsClientScript(hyperlinkInfo.uri) || /^\s*data\s*\:\s*/gi.test(hyperlinkInfo.uri)))
-            Url.navigate(hyperlinkInfo.uri, "_blank");
+        else {
+            const options = createUrlValidationOptions(this.control);
+            if (isUrlValid(hyperlinkInfo.uri, options))
+                Url.navigate(hyperlinkInfo.uri, "_blank");
+        }
         return true;
     }
     isEnabledInReadOnlyMode() {

package/lib/common/model/options/fields.d.ts

@@ -6,6 +6,8 @@ export declare class FieldsSettings {
     defaultTimeFormat: string;
     defaultDateFormat: string;
     openHyperlinkOnClick: boolean;
+    disableRelativeHyperlinkUri: boolean;
+    allowedHyperlinkUriProtocols: string[];
     keepHyperlinkResultForInvalidReference: boolean;
     createHyperlinkTooltip: (hyperlinkTooltip: string, hint: string) => string;
     constructor();

package/lib/common/model/options/fields.js

@@ -3,6 +3,7 @@ import { isDefined, isNonNullString } from '@devexpress/utils/lib/utils/common';
 export class FieldsSettings {
     constructor() {
         this.openHyperlinkOnClick = false;
+        this.disableRelativeHyperlinkUri = false;
         this.updateFieldsBeforePrint = true;
         this.updateFieldsOnPaste = true;
         this.defaultTimeFormat = FieldsSettings.DEFAULT_TIME_FORMAT;
@@ -27,9 +28,12 @@ export class FieldsSettings {
             this.openHyperlinkOnClick = obj.openHyperlinkOnClick;
         if (isDefined(obj.keepHyperlinkResultForInvalidReference))
             this.keepHyperlinkResultForInvalidReference = obj.keepHyperlinkResultForInvalidReference;
-        if (isDefined(obj.createHyperlinkTooltip) && obj.createHyperlinkTooltip !== '') {
+        if (isDefined(obj.createHyperlinkTooltip) && obj.createHyperlinkTooltip !== '')
             this.createHyperlinkTooltip = convertToFunction(obj.createHyperlinkTooltip);
-        }
+        if (isDefined(obj.disableRelativeHyperlinkUri))
+            this.disableRelativeHyperlinkUri = obj.disableRelativeHyperlinkUri;
+        if (isDefined(obj.allowedHyperlinkUriProtocols))
+            this.allowedHyperlinkUriProtocols = obj.allowedHyperlinkUriProtocols;
     }
     clone() {
         const result = new FieldsSettings();

package/lib/common/utils/utils.d.ts

@@ -1,4 +1,5 @@
 import { Point } from '@devexpress/utils/lib/geometry/point';
+import { IRichEditControl } from '../interfaces/i-rich-edit-core';
 export declare function rotatePoint(point: Point, angle: number, center: Point): Point;
 export declare class SearchTreeItemResult<T> {
     readonly parentList: T[];
@@ -11,3 +12,9 @@ export declare function searchTreeItem<T extends {
 }>(items: T[], comparer: (item: T) => boolean): SearchTreeItemResult<T> | null;
 export declare function convertToFunction(func: any): any | null;
 export declare function splitByLines(text: string): string[];
+export interface IUrlValidationOptions {
+    allowRelativeUrl?: boolean;
+    allowedProtocols?: string[];
+}
+export declare function createUrlValidationOptions(control: IRichEditControl): IUrlValidationOptions;
+export declare function isUrlValid(url: string, options?: IUrlValidationOptions): boolean;

package/lib/common/utils/utils.js

@@ -56,3 +56,29 @@ export function convertToFunction(func) {
 export function splitByLines(text) {
     return text ? text.split(/\r\n|\r|\n/) : [''];
 }
+export function createUrlValidationOptions(control) {
+    const fieldSettings = control.modelManager.richOptions.fields;
+    return {
+        allowRelativeUrl: !fieldSettings.disableRelativeHyperlinkUri,
+        allowedProtocols: fieldSettings.allowedHyperlinkUriProtocols
+    };
+}
+const disallowedProtocols = [
+    'data',
+    'javascript'
+];
+export function isUrlValid(url, options) {
+    let currentLocation;
+    if (options === null || options === void 0 ? void 0 : options.allowRelativeUrl)
+        currentLocation = window.location.href;
+    try {
+        const resultUrl = new URL(url, currentLocation);
+        const protocol = resultUrl.protocol.slice(0, -1);
+        const allowedProtocols = options === null || options === void 0 ? void 0 : options.allowedProtocols;
+        if (allowedProtocols)
+            return allowedProtocols.includes(protocol);
+        return !disallowedProtocols.includes(protocol);
+    }
+    catch (_a) { }
+    return false;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "devexpress-richedit",
-  "version": "24.1.6-build-24246-0102",
+  "version": "24.1.6",
   "homepage": "https://www.devexpress.com/",
   "bugs": "https://www.devexpress.com/support/",
   "author": "Developer Express Inc.",
@@ -14,8 +14,8 @@
     "build-nspell": "webpack --mode production --config=bin/nspell.webpack.config.js"
   },
   "peerDependencies": {
-    "devextreme": "24.1.6-build-24244-1936",
-    "devextreme-dist": "24.1.6-build-24244-1936"
+    "devextreme": "24.1.6",
+    "devextreme-dist": "24.1.6"
   },
   "dependencies": {
     "jszip": "~3.10.1",