Skip to content

Commit

Permalink
feat: Allow phone links in HTML sanitizer - EXO-73882 - Meeds-io/MIPs…
Browse files Browse the repository at this point in the history 
…#129 (#656)

Allow phone links in HTML sanitizer
  • Loading branch information
@hakermi @azayati
hakermi authored and azayati committed Oct 8, 2024
1 parent 35c0e29 commit f6e2434
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 0 deletions.
2 changes: 2 additions & 0 deletions commons-component-common/src/main/java/org/exoplatform/commons/utils/HTMLSanitizer.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -157,6 +157,8 @@ abstract public class HTMLSanitizer {
"onmouseup")
.matching(HISTORY_BACK)
.onElements("a")
.allowStandardUrlProtocols()
.allowUrlProtocols("tel","ftp")
.requireRelNofollowOnLinks()
.allowAttributes("src")
.matching(ONSITE_OR_OFFSITE_URL)
Expand Down
7 changes: 7 additions & 0 deletions commons-component-common/src/test/java/org/exoplatform/commons/utils/HTMLSanitizerTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,4 +117,11 @@ public void testAllowedSpecialCharactersLinks(){
}
assertEquals("https://www.economie.gouv.fr/entreprises/changement-janvier-2022?xtor=ES-29-[BIE_292_20220106]-20220106-[https://www.economie.gouv.fr/entreprises/changement-janvier-2022]", sanitized);
}

@Test
public void testAllowPhoneLinks() throws Exception {
String input = "<a class=\"class\" href=\"tel:+21612345678\" target=\"_self\">link</a>";
String sanitized = HTMLSanitizer.sanitize(input);
assertEquals("<a class=\"class\" href=\"tel:&#43;21612345678\" rel=\"nofollow\">link</a>", sanitized);
}
}

0 comments on commit f6e2434

Please sign in to comment.