-
Notifications
You must be signed in to change notification settings - Fork 66
Add "validate share data" algorithm #185
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from all commits
Commits
Show all changes
38 commits
Select commit
Hold shift + click to select a range
dbbc9df
Add canShare() method
marcoscaceres a3a4319
add SecureContext and allowed to use check
marcoscaceres 99cccb7
Add http+https checks to validation
marcoscaceres c60193b
Handle empty files sequence
marcoscaceres a1a8a8b
Update index.html
marcoscaceres e04fca8
Merge branch 'master' into canShare
marcoscaceres 7dde1f3
Merge branch 'master' into canShare
marcoscaceres a42f0b7
Add "validate share data" algorithm
marcoscaceres 84e8c3a
fixup
marcoscaceres bd53f07
Simplify call to validate share data
marcoscaceres e683d56
Apply suggestions from code review
marcoscaceres 788a9e2
Merge branch 'master' into validate_data
marcoscaceres 6c0a9f5
Add AU-specific type check, plus reject
marcoscaceres daa015a
Merge branch 'main' into validate_data
marcoscaceres 6654681
Merge branch 'main' into validate_data
marcoscaceres 1adf6dc
Merge branch 'main' into validate_data
marcoscaceres bae0c90
Merge branch 'main' into validate_data
marcoscaceres b494946
Fixup internal slot
marcoscaceres 88865d6
Merge branch 'main' into validate_data
marcoscaceres f83e582
Merge branch 'main' into validate_data
marcoscaceres 95d9909
Update index.html
marcoscaceres 40618ca
Remove note about allowed to use in priv sec section
marcoscaceres 32eaf09
Merge branch 'main' into validate_data
marcoscaceres 1355ab6
Merge branch 'main' into validate_data
marcoscaceres abd6bcd
Fixup + remove link to issue 127
marcoscaceres 28e5ad5
fixup typo
marcoscaceres d86d782
another typo
marcoscaceres e72fe88
Add missing {{DOMException}} in places
marcoscaceres f79f7c6
Merge branch 'main' into validate_data
marcoscaceres a978ab3
Merge branch 'main' into validate_data
marcoscaceres 5b7071e
Remove null check, done elsewhere
marcoscaceres c03d6ab
Merge branch 'main' into validate_data
marcoscaceres c8c2525
Remove ref to secure-context
marcoscaceres b563520
Further fixup
marcoscaceres a612457
Merge branch 'main' into validate_data
marcoscaceres 9d2f37b
Let UA decide what's a hostile URL
marcoscaceres 5ca9b3a
Merge branch 'main' into validate_data
marcoscaceres 892497f
Include issue 178
marcoscaceres File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -161,32 +161,18 @@ | |
|
|
||
|
|
||
| {{ShareData/text}}, or {{ShareData/url}} or {{ShareData/files}} are | ||
| present, return a promise rejected with a {{TypeError}}. | ||
|
|
||
| [=environment settings object/API base URL=]. | ||
|
|
||
|
|
||
|
|
||
| implementation does not support file sharing, return a | ||
| promise rejected with a {{TypeError}}, and abort these | ||
| steps. | ||
|
|
||
| false, then return [=a promise rejected with=] a {{TypeError}}. | ||
|
|
||
|
|
||
|
|
||
| object's [=environment settings object/api base URL=]. | ||
|
|
||
| parser on |data|'s {{ShareData/url}} with |base|. | ||
|
|
||
| {{TypeError}}. | ||
|
|
||
| a promise rejected with {{TypeError}}. | ||
|
|
||
|
|
||
| member set to the result of running the URL serializer | ||
|
|
@@ -271,6 +257,65 @@ | |
| or bypassing the UI if there is only a single share target. | ||
| Validate share data | ||
| To validate share data with |data:ShareData| and | ||
| |base:URL|, run the following steps: | ||
|
|
||
|
|
||
| {{ShareData/text}}, or {{ShareData/url}} or {{ShareData/files}} are | ||
| present, return false. | ||
|
|
||
| {{ShareData/title}}, or {{ShareData/text}}, or {{ShareData/url}} is | ||
| present. | ||
|
|
||
|
|
||
|
|
||
| {{ShareData/files}} member is empty, return false. | ||
| This causes a `{ files: [] }` dictionary to be treated as | ||
| an empty dictionary. However, passing a dictionary like | ||
| `{text: "text", files: []}` is fine, as `files` is just | ||
| ignored. | ||
|
|
||
| false. | ||
marcoscaceres marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| `files` would result in a potentially hostile share, return | ||
| false. | ||
|
|
||
|
|
||
|
|
||
| on |data|'s {{ShareData/url}} member, with |base|, and no | ||
| encoding override. | ||
|
|
||
| If |url| is a URL the user agent deems potentially hostile | ||
| (e.g., "file:") or wouldn't make sense to outside the scope | ||
| of the document (e.g., "blob:"), return false. | ||
|
|
||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.