Allow only safe urls in GlButton
Proposal
The GlButton component should accept only secure and valid URLs. This means that it should prevent `javascript://` links.
- should allow URLs only with the following protocols (http, https, ftp, mailto)
- should take care of encoded URIs
- should render as a `span` tag when the `href` is unsafe; `GlSafeLinkDirective` can be used for that purpose.
Since GitLab also relies on data URLs in some cases, we'll want to provide a way to set "unsafe" URLs that will skip the sanitization step. An idea would be to expose an `unsafe-url` prop.
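To illustrate the three requirements above together with the proposed opt-out, here is an added example of an allow-list `href` check and the tag decision it drives. This is not GitLab UI's code; `isSafeUrl`, `renderTagFor` and the assumed base used to resolve relative links are hypothetical names.

```javascript
// Added example, not part of GitLab UI. Models the proposal: allow only
// http/https/ftp/mailto, look through percent-encoding, otherwise fall back to <span>.
const SAFE_PROTOCOLS = new Set(['http:', 'https:', 'ftp:', 'mailto:']);
// Assumed base used only to resolve relative hrefs such as "/issues/1";
// in a browser this would be window.location.href.
const ASSUMED_BASE = 'https://example.invalid/';

// decodeURIComponent throws on malformed sequences; treat those as "not decodable".
function decodeLoosely(value) {
  try {
    return decodeURIComponent(value);
  } catch (e) {
    return value;
  }
}

function isSafeUrl(href, base = ASSUMED_BASE) {
  if (typeof href !== 'string') return false;
  // Check both the raw and the decoded form so a percent-encoded scheme
  // cannot pass the raw check and then be decoded by something downstream.
  for (const candidate of [href, decodeLoosely(href)]) {
    // Browsers ignore ASCII whitespace/control characters when reading the
    // scheme ("java\tscript:"), so strip them before parsing.
    const cleaned = candidate.replace(/[\u0000-\u0020]/g, '');
    let parsed;
    try {
      parsed = new URL(cleaned, base); // relative hrefs resolve against base
    } catch (e) {
      return false; // unparseable is treated as unsafe
    }
    // URL lowercases the scheme, so "JAVASCRIPT:" is caught as well.
    if (!SAFE_PROTOCOLS.has(parsed.protocol)) return false;
  }
  return true;
}

// Mirrors the proposed rendering rule: <a> for safe hrefs, inert <span> otherwise.
// `unsafeUrl` models the proposed opt-out prop for cases like data: URLs.
function renderTagFor(href, { unsafeUrl = false } = {}) {
  if (unsafeUrl || isSafeUrl(href)) {
    return { tag: 'a', href };
  }
  return { tag: 'span' }; // href is dropped entirely, nothing is clickable
}
```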
Why
`javascript:` links can lead to cross-site scripting bugs. For example, gitlab#212630 (closed). It has been fixed by validating the Zoom meeting links, which should fix this particular security issue. However, other GlButton usages are still vulnerable if we miss any such validations.
Edited by Paul Gascou-Vaillancourt