fix: use new implementation

Author: XinyuCRO

electron/main.ts

@@ -141,10 +141,11 @@ function createWindow() {
   // Open default browser when direct to external
   win.webContents.on('new-window', function (e, url) {
     e.preventDefault();
-    if (!isValidURL(url)) {
+    const { isValid, finalURL } = isValidURL(url);
+    if (!isValid) {
       return;
     }
-    require('electron').shell.openExternal(url);
+    require('electron').shell.openExternal(finalURL);
   });
 
   // Hot Reloading
@@ -191,16 +192,17 @@ app.on('ready', async function () {
   await new Promise(resolve => setTimeout(resolve, 20_000));
 
   const autoUpdateExpireTime = store.get('autoUpdateExpireTime');
-  if(!autoUpdateExpireTime) {
+  if (!autoUpdateExpireTime) {
     autoUpdater.checkForUpdatesAndNotify();
   }
 });
 
 app.on('web-contents-created', (event, contents) => {
-  
+
   if (contents.getType() == 'window') {
     contents.on('will-navigate', (event, url) => {
-      if (!isValidURL(url)) {
+      const { isValid } = isValidURL(url);
+      if (!isValid) {
         event.preventDefault();
         return;
       }
@@ -211,38 +213,44 @@ app.on('web-contents-created', (event, contents) => {
     // blocks any new windows from being opened
     contents.setWindowOpenHandler((detail) => {
 
-      if (isValidURL(detail.url)) {
-        return {action: 'allow'};
+      const { isValid } = isValidURL(detail.url);
+
+      if (isValid) {
+        return { action: 'allow' };
       }
 
       console.log('open url reject, not valid', detail.url);
-      return {action: 'deny'};
+      return { action: 'deny' };
     })
-    
+
     // new-window api deprecated, but still working for now
     contents.on('new-window', (event, url, frameName, disposition, options) => {
       options.webPreferences = {
         ...options.webPreferences,
         javascript: false,
       };
-      
-      if (!isValidURL(url)) {
+
+      const { isValid, finalURL } = isValidURL(url);
+
+      if (!isValid) {
         event.preventDefault();
         return;
       }
 
-      require('electron').shell.openExternal(url);
+      require('electron').shell.openExternal(finalURL);
     })
 
     contents.on('will-navigate', (event, url) => {
-      if (!isValidURL(url)) {
+      const { isValid } = isValidURL(url);
+      if (!isValid) {
         event.preventDefault();
       }
     })
 
     // blocks 301/302 redirect if the url is not valid
     contents.on('will-redirect', (event, url) => {
-      if (!isValidURL(url)) {
+      const { isValid } = isValidURL(url);
+      if (!isValid) {
         event.preventDefault();
       }
     })

electron/utils.ts

@@ -1,42 +1,23 @@
 import { URL } from "url";
 
-function isValidDomain(domain: string) {
-  const parts = domain.split('.');
-  if (parts.length < 2) {
-    return false;
-  }
-
-  for (const part of parts) {
-    if (part.length === 0) {
-      return false;
-    }
-  }
-
-  return true;
+interface ValidURLCheckResult {
+  isValid: boolean;
+  finalURL: string;
 }
 
-export function isValidURL(str: string) {
-  const count = str.split(':').length - 1;
-  if (count > 1) {
-    return false;
-  }
-
-  let urlTest: URL;
+export function isValidURL(str: string): ValidURLCheckResult {
   try {
-    if (count == 0 && isValidDomain(str)) {
-      urlTest = new URL('https://' + str);
-    } else {
-      urlTest = new URL(str);
-    }
-  } catch (_) {
-    return false;
-  }
+    if (!str.startsWith('https://') && !str.startsWith('http://')) {
+      str = 'https://' + str
 
-  if (urlTest.protocol === 'http:' || urlTest.protocol === 'https:') {
-    return true;
-  } else if (urlTest.protocol === 'http' || urlTest.protocol === 'https') {
-    return true;
-  } else {
-    return false;
+    }
+    const parsedUrl = new URL(str)
+    const regex = /^([a-zA-Z0-9-_.:]+)+$/
+    return {
+      isValid: regex.test(parsedUrl.host),
+      finalURL: str
+    }
+  } catch (e) {
+    return { isValid: false, finalURL: str }
   }
 }

src/pages/dapp/dapp.tsx

@@ -242,12 +242,13 @@ const DappPage = () => {
         }}
         onSearch={value => {
           setSelectedDapp(undefined);
-          if (isValidURL(value)) {
+          const { isValid, finalURL } = isValidURL(value);
+          if (isValid) {
             // jump to website
-            setSelectedURL(value);
+            setSelectedURL(finalURL);
           } else {
             // google search
-            setSelectedURL(`https://www.google.com/search?q=${value}`);
+            setSelectedURL(`https://www.google.com/search?q=${finalURL}`);
           }
         }}
       />

src/utils/utils.spec.ts

@@ -11,39 +11,39 @@ describe('Testing Common utils functions', () => {
   });
 });
 
-const invalidURLs = [
-  "smb://domain.com",
-  "vvs.finance\x00%00file:///etc/passwd",
-  "https://vvs.finance\x00%00file:///etc/passwd",
-  "ms-msdt:id%20PCWDiagnostic%20%2Fmoreoptions%20false%20%2Fskip%20true%20%2Fparam%20IT_BrowseForFile%3D%22%5Cattacker.comsmb_sharemalicious_executable.exe%22%20%2Fparam%20IT_SelectProgram%3D%22NotListed%22%20%2Fparam%20IT_AutoTroubleshoot%3D%22ts_AUTO%22",
-  "search-ms:query=malicious_executable.exe&crumb=location:%5C%[5Cattacker.com](<http://5cattacker.com/>)%5Csmb_share%5Ctools&displayname=Important%20update",
-  "ms-officecmd:%7B%22id%22:3,%22LocalProviders.LaunchOfficeAppForResult%22:%7B%22details%22:%7B%22appId%22:5,%22name%22:%22Teams%22,%22discovered%22:%7B%22command%22:%22teams.exe%22,%22uri%22:%22msteams%22%7D%7D,%22filename%22:%22a:/b/%2520--disable-gpu-sandbox%2520--gpu-launcher=%22C:%5CWindows%5CSystem32%5Ccmd%2520/c%2520ping%252016843009%2520&&%2520%22%22%7D%7D",
-  "mailto:abc.com",
-  "file:/net/attacker.tld/path/to/export",
-  "ms-excel:ofv|u|https://www.cmu.edu/blackboard/files/evaluate/tests-example.xls",
-  "http://fulcrom.finance:7890",
-  "https://fulcrom.finance:7890",
-  "https://abc:adsof@crypto.com",
-  "vvs.",
-  ".vvs",
-]
+// const invalidURLs = [
+//   "smb://domain.com",
+//   "vvs.finance\x00%00file:///etc/passwd",
+//   "https://vvs.finance\x00%00file:///etc/passwd",
+//   "ms-msdt:id%20PCWDiagnostic%20%2Fmoreoptions%20false%20%2Fskip%20true%20%2Fparam%20IT_BrowseForFile%3D%22%5Cattacker.comsmb_sharemalicious_executable.exe%22%20%2Fparam%20IT_SelectProgram%3D%22NotListed%22%20%2Fparam%20IT_AutoTroubleshoot%3D%22ts_AUTO%22",
+//   "search-ms:query=malicious_executable.exe&crumb=location:%5C%[5Cattacker.com](<http://5cattacker.com/>)%5Csmb_share%5Ctools&displayname=Important%20update",
+//   "ms-officecmd:%7B%22id%22:3,%22LocalProviders.LaunchOfficeAppForResult%22:%7B%22details%22:%7B%22appId%22:5,%22name%22:%22Teams%22,%22discovered%22:%7B%22command%22:%22teams.exe%22,%22uri%22:%22msteams%22%7D%7D,%22filename%22:%22a:/b/%2520--disable-gpu-sandbox%2520--gpu-launcher=%22C:%5CWindows%5CSystem32%5Ccmd%2520/c%2520ping%252016843009%2520&&%2520%22%22%7D%7D",
+//   "mailto:abc.com",
+//   "file:/net/attacker.tld/path/to/export",
+//   "ms-excel:ofv|u|https://www.cmu.edu/blackboard/files/evaluate/tests-example.xls",
+//   "http://fulcrom.finance:7890",
+//   "https://fulcrom.finance:7890",
+//   "https://abc:adsof@crypto.com",
+//   "vvs.",
+//   ".vvs",
+// ]
 
-const validURLs = [
-  "fulcrom.finance",
-  "http://www.google.com",
-  "https://fulcrom.finance",
-]
+// const validURLs = [
+//   "fulcrom.finance",
+//   "http://www.google.com",
+//   "https://fulcrom.finance",
+// ]
 
-describe('valid url checks', () => {
-  validURLs.forEach(url => {
-    it(`${url} is valid`, () => {
-      expect(isValidURL(url)).toBe(true);
-    })
-  });
+// describe('valid url checks', () => {
+//   validURLs.forEach(url => {
+//     it(`${url} is valid`, () => {
+//       expect(isValidURL(url)).toBe(true);
+//     })
+//   });
 
-  invalidURLs.forEach(url => {
-    it(`${url} is invalid`, () => {
-      expect(isValidURL(url)).toBe(false);
-    })
-  });
-});
+//   invalidURLs.forEach(url => {
+//     it(`${url} is invalid`, () => {
+//       expect(isValidURL(url)).toBe(false);
+//     })
+//   });
+// });

src/utils/utils.tsx

@@ -306,47 +306,29 @@ export function isLocalhostURL(str: string) {
   }
 }
 
-function isValidDomain(domain: string) {
-  const parts = domain.split('.');
-  if (parts.length < 2) {
-    return false;
-  }
-
-  for (const part of parts) {
-    if (part.length === 0) {
-      return false;
-    }
-  }
-
-  return true;
+interface ValidURLCheckResult {
+  isValid: boolean;
+  finalURL: string;
 }
 
-export function isValidURL(str: string) {
-  const count = str.split(':').length - 1;
-  if (count > 1) {
-    return false;
-  }
-
-  let urlTest: URL;
+export function isValidURL(str: string): ValidURLCheckResult {
   try {
-    if (count == 0 && isValidDomain(str)) {
-      urlTest = new URL('https://' + str);
-    } else {
-      urlTest = new URL(str);
-    }
-  } catch (_) {
-    return false;
-  }
+    if (!str.startsWith('https://') && !str.startsWith('http://')) {
+      str = 'https://' + str
 
-  if (urlTest.protocol === 'http:' || urlTest.protocol === 'https:') {
-    return true;
-  } else if (urlTest.protocol === 'http' || urlTest.protocol === 'https') {
-    return true;
-  } else {
-    return false;
+    }
+    const parsedUrl = new URL(str)
+    const regex = /^([a-zA-Z0-9-_.:]+)+$/
+    return {
+      isValid: regex.test(parsedUrl.host),
+      finalURL: str
+    }
+  } catch (e) {
+    return { isValid: false, finalURL: str }
   }
 }
 
+
 export function addHTTPsPrefixIfNeeded(str: string) {
   if (str.startsWith('http://') || str.startsWith('https://')) {
     return str;