WIP: fix(GlLink): allow only safe urls
What does this MR do?
This MR ensures that the GlLink component accepts only safe (secure) URLs, thus preventing javascript:// XSSes.
- should allow URLs only with the following protocols (http, https, ftp, mailto)
- should take care of encoded URIs
- should render as a `span` tag when the `href` is unsafe
Conformity
- Code review guidelines.
- GitLab UI's contributing guidelines.
- If it changes a Pajamas-compliant component's look & feel, the MR has been reviewed by a UX designer.
- If it changes GitLab UI's documentation guidelines, the MR has been reviewed by a Technical Writer.
- If the MR changes a component's API, integration MR(s) have been opened in the following projects to ensure that the @gitlab/ui package can be upgraded quickly after the changes are released:
  - GitLab: mr_url
  - Customers Portal: mr_url
  - Status Page: mr_url
- Added the ~"component:*" label(s) if applicable.
Closes #823 (closed)
Edited by Dheeraj Joshi
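
The three behaviours listed in the description (protocol allow-list, encoded URIs, `span` fallback), sketched as an added example that is not code from this MR or from GitLab UI. The names `isSafeHref`, `linkTag`, `percentDecode`, the placeholder base URL and the decode limit are assumptions, as is the choice to accept relative hrefs.

```javascript
// Added example, not the GitLab UI implementation.
const SAFE_PROTOCOLS = new Set(['http:', 'https:', 'ftp:', 'mailto:']);
// Placeholder base (assumption) so relative hrefs can be parsed at all.
const BASE = 'https://base.invalid/';
const MAX_DECODE_ROUNDS = 5;

// Scheme as a browser would see it: the WHATWG parser lowercases it, drops
// tabs/newlines and trims leading control characters before deciding.
function protocolOf(href) {
  try {
    return new URL(href, BASE).protocol;
  } catch (e) {
    return null; // unparseable: treated as unsafe by the caller
  }
}

// Tolerant byte-wise percent-decoding; unlike decodeURIComponent it never
// throws on a stray "%", and ASCII is all that scheme detection needs.
function percentDecode(s) {
  return s.replace(/%([0-9a-f]{2})/gi, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// True only if the href and every percent-decoded form of it use an
// allow-listed scheme. Fails closed when decoding does not settle.
function isSafeHref(href) {
  if (typeof href !== 'string') return false;
  let current = href;
  for (let round = 0; round < MAX_DECODE_ROUNDS; round += 1) {
    if (!SAFE_PROTOCOLS.has(protocolOf(current))) return false;
    const next = percentDecode(current);
    if (next === current) return true;
    current = next;
  }
  return false;
}

// Tag the component would render: a real link, or inert text.
function linkTag(href) {
  return isSafeHref(href) ? 'a' : 'span';
}

// Constructed sample inputs.
for (const href of ['https://gitlab.com/', 'mailto:user@example.com',
  '/group/project', 'javascript:alert(1)', 'java\tscript:alert(1)',
  'javascript%3Aalert(1)', 'javascript%253Aalert(1)']) {
  console.log(JSON.stringify(href), '->', linkTag(href));
}
```

Checking the decoded forms is deliberately conservative: a relative href whose first path segment contains an encoded colon (for example `a%3Ab`) is rejected as well.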