diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-13 03:08:14 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-13 03:08:14 +0300 |
| commit | 101796f3bcf4a9f67431f40a115de2d762485655 (patch) | |
| tree | 91f3bedfd8f2e4d89a8c3ffaadab6e94c473bb43 /app | |
| parent | 8a2bf936e504201d7332de0080ef1f857bc9338e (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app')
| -rw-r--r-- | app/assets/javascripts/lib/utils/url_utility.js | 70 |
1 files changed, 40 insertions, 30 deletions
diff --git a/app/assets/javascripts/lib/utils/url_utility.js b/app/assets/javascripts/lib/utils/url_utility.js index 21810b8a6c1..85740117c00 100644 --- a/app/assets/javascripts/lib/utils/url_utility.js +++ b/app/assets/javascripts/lib/utils/url_utility.js @@ -1,3 +1,5 @@ +import * as Sentry from '@sentry/browser'; + export const DASH_SCOPE = '-'; export const PATH_SEPARATOR = '/'; @@ -278,36 +280,6 @@ export const setUrlFragment = (url, fragment) => { return `${rootUrl}#${encodedFragment}`; }; -/** - * Navigates to a URL - * @param {*} url - url to navigate to - * @param {*} external - if true, open a new page or tab - */ -export function visitUrl(url, external = false) { - if (external) { - // Simulate `target="_blank" rel="noopener noreferrer"` - // See https://mathiasbynens.github.io/rel-noopener/ - const otherWindow = window.open(); - otherWindow.opener = null; - otherWindow.location.assign(url); - } else { - window.location.assign(url); - } -} - -export function refreshCurrentPage() { - visitUrl(window.location.href); -} - -/** - * Navigates to a URL - * @deprecated Use visitUrl from ~/lib/utils/url_utility.js instead - * @param {*} url - */ -export function redirectTo(url) { - return window.location.assign(url); -} - export function updateHistory({ state = {}, title = '', url, replace = false, win = window } = {}) { if (win.history) { if (replace) { @@ -703,3 +675,41 @@ export const removeUrlProtocol = (url) => url.replace(/^\w+:\/?\/?/, ''); */ export const removeLastSlashInUrlPath = (url) => url.replace(/\/$/, '').replace(/\/(\?|#){1}([^/]*)$/, '$1$2'); + +/** + * Navigates to a URL + * @deprecated Use visitUrl from ~/lib/utils/url_utility.js instead + * @param {*} url + */ +export function redirectTo(url) { + return window.location.assign(url); +} + +/** + * Navigates to a URL + * @param {*} url - url to navigate to + * @param {*} external - if true, open a new page or tab + */ +export function visitUrl(url, external = false) { + if (!isSafeURL(url)) { + // For now log this to Sentry and do not block the execution. + // See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121551#note_1408873600 + // for more context. Once we're sure that it's not breaking functionality, we can use + // a RangeError here (throw new RangeError('Only http and https protocols are allowed')). + Sentry.captureException(new RangeError(`Only http and https protocols are allowed: ${url}`)); + } + + if (external) { + // Simulate `target="_blank" rel="noopener noreferrer"` + // See https://mathiasbynens.github.io/rel-noopener/ + const otherWindow = window.open(); + otherWindow.opener = null; + otherWindow.location.assign(url); + } else { + window.location.assign(url); + } +} + +export function refreshCurrentPage() { + visitUrl(window.location.href); +} |