From 444e6e5a11d6c323cd298aa5106fc168a83640e8 Mon Sep 17 00:00:00 2001
From: Armando Guarino <arm.guarino@gmail.com>
Date: Wed, 6 Nov 2024 13:42:27 +0100
Subject: [PATCH] refactor: adjust validate and add shouldAutoLink to improve
 URL handling

---
 .changeset/witty-olives-protect.md            |  6 ++
 demos/src/Marks/Link/React/index.jsx          | 55 +++++++++++++++++++
 demos/src/Marks/Link/React/index.spec.js      | 42 +++++++++++---
 .../extension-link/src/helpers/autolink.ts    |  3 +
 packages/extension-link/src/link.ts           | 30 +++++++---
 5 files changed, 122 insertions(+), 14 deletions(-)
 create mode 100644 .changeset/witty-olives-protect.md

diff --git a/.changeset/witty-olives-protect.md b/.changeset/witty-olives-protect.md
new file mode 100644
index 00000000000..cb156c4bbb1
--- /dev/null
+++ b/.changeset/witty-olives-protect.md
@@ -0,0 +1,6 @@
+---
+"@tiptap/extension-link": patch
+"tiptap-demos": patch
+---
+
+Refactor validate and add shouldAutoLink function to improve URL handling
diff --git a/demos/src/Marks/Link/React/index.jsx b/demos/src/Marks/Link/React/index.jsx
index 452bb5b4bc2..72a153fea1f 100644
--- a/demos/src/Marks/Link/React/index.jsx
+++ b/demos/src/Marks/Link/React/index.jsx
@@ -20,6 +20,61 @@ export default () => {
         openOnClick: false,
         autolink: true,
         defaultProtocol: 'https',
+        protocols: ['http', 'https'],
+        validate: (url, ctx) => {
+          try {
+            // construct URL
+            const parsedUrl = url.startsWith('http') ? new URL(url) : new URL(`${ctx.defaultProtocol}://${url}`)
+
+            // use default validation
+            if (!ctx.defaultValidate(parsedUrl.href)) {
+              return false
+            }
+
+            // disallowed protocols
+            const disallowedProtocols = ['ftp', 'file', 'mailto']
+            const protocol = parsedUrl.protocol.replace(':', '')
+
+            if (disallowedProtocols.includes(protocol)) {
+              return false
+            }
+
+            // only allow protocols specified in ctx.protocols
+            const allowedProtocols = ctx.protocols.map(p => (typeof p === 'string' ? p : p.scheme))
+
+            if (!allowedProtocols.includes(protocol)) {
+              return false
+            }
+
+            // disallowed domains
+            const disallowedDomains = ['example-phishing.com', 'malicious-site.net']
+            const domain = parsedUrl.hostname
+
+            if (disallowedDomains.includes(domain)) {
+              return false
+            }
+
+            // all checks have passed
+            return true
+          } catch (error) {
+            return false
+          }
+        },
+        shouldAutoLink: url => {
+          try {
+            // construct URL
+            const parsedUrl = url.startsWith('http') ? new URL(url) : new URL(`https://${url}`)
+
+            // only auto-link if the domain is not in the disallowed list
+            const disallowedDomains = ['example-no-autolink.com', 'another-no-autolink.com']
+            const domain = parsedUrl.hostname
+
+            return !disallowedDomains.includes(domain)
+          } catch (error) {
+            return false
+          }
+        },
+
       }),
     ],
     content: `
diff --git a/demos/src/Marks/Link/React/index.spec.js b/demos/src/Marks/Link/React/index.spec.js
index 61fd1b281ff..bc13e1af8c7 100644
--- a/demos/src/Marks/Link/React/index.spec.js
+++ b/demos/src/Marks/Link/React/index.spec.js
@@ -12,27 +12,27 @@ context('/src/Marks/Link/React/', () => {
 
   it('should parse a tags correctly', () => {
     cy.get('.tiptap').then(([{ editor }]) => {
-      editor.commands.setContent('<p><a href="#">Example Text1</a></p>')
+      editor.commands.setContent('<p><a href="https://example.com">Example Text1</a></p>')
       expect(editor.getHTML()).to.eq(
-        '<p><a target="_blank" rel="noopener noreferrer nofollow" href="#">Example Text1</a></p>',
+        '<p><a target="_blank" rel="noopener noreferrer nofollow" href="https://example.com">Example Text1</a></p>',
       )
     })
   })
 
   it('should parse a tags with target attribute correctly', () => {
     cy.get('.tiptap').then(([{ editor }]) => {
-      editor.commands.setContent('<p><a href="#" target="_self">Example Text2</a></p>')
+      editor.commands.setContent('<p><a href="https://example.com" target="_self">Example Text2</a></p>')
       expect(editor.getHTML()).to.eq(
-        '<p><a target="_self" rel="noopener noreferrer nofollow" href="#">Example Text2</a></p>',
+        '<p><a target="_self" rel="noopener noreferrer nofollow" href="https://example.com">Example Text2</a></p>',
       )
     })
   })
 
   it('should parse a tags with rel attribute correctly', () => {
     cy.get('.tiptap').then(([{ editor }]) => {
-      editor.commands.setContent('<p><a href="#" rel="follow">Example Text3</a></p>')
+      editor.commands.setContent('<p><a href="https://example.com" rel="follow">Example Text3</a></p>')
       expect(editor.getHTML()).to.eq(
-        '<p><a target="_blank" rel="follow" href="#">Example Text3</a></p>',
+        '<p><a target="_blank" rel="follow" href="https://example.com">Example Text3</a></p>',
       )
     })
   })
@@ -54,7 +54,7 @@ context('/src/Marks/Link/React/', () => {
 
   it('should allow exiting the link once set', () => {
     cy.get('.tiptap').then(([{ editor }]) => {
-      editor.commands.setContent('<p><a href="#" target="_self">Example Text2</a></p>')
+      editor.commands.setContent('<p><a href="https://example.com" target="_self">Example Text2</a></p>')
       cy.get('.tiptap').type('{rightArrow}')
 
       cy.get('button:first').should('not.have.class', 'is-active')
@@ -129,4 +129,32 @@ context('/src/Marks/Link/React/', () => {
       .find('a[href="http://example3.com/foobar"]')
       .should('contain', 'http://example3.com/foobar')
   })
+
+  it('should not allow links with disallowed protocols', () => {
+    const disallowedProtocols = ['ftp://example.com', 'file:///example.txt', 'mailto:test@example.com']
+
+    disallowedProtocols.forEach(url => {
+      cy.get('.tiptap').then(([{ editor }]) => {
+        editor.commands.setContent(`<p><a href="${url}">Example Text</a></p>`)
+        expect(editor.getHTML()).to.not.include(`<a href="${url}">`)
+      })
+    })
+  })
+
+  it('should not allow links with disallowed domains', () => {
+    const disallowedDomains = ['https://example-phishing.com', 'https://malicious-site.net']
+
+    disallowedDomains.forEach(url => {
+      cy.get('.tiptap').then(([{ editor }]) => {
+        editor.commands.setContent(`<p><a href="${url}">Example Text</a></p>`)
+        expect(editor.getHTML()).to.not.include(`<a href="${url}">`)
+      })
+    })
+  })
+
+  it('should not auto-link a URL from a disallowed domain', () => {
+    cy.get('.tiptap').type('https://example-phishing.com ') // disallowed domain
+    cy.get('.tiptap').should('not.have.descendants', 'a')
+    cy.get('.tiptap').should('contain.text', 'https://example-phishing.com')
+  })
 })
diff --git a/packages/extension-link/src/helpers/autolink.ts b/packages/extension-link/src/helpers/autolink.ts
index c15efa9a17b..7b57007a5cd 100644
--- a/packages/extension-link/src/helpers/autolink.ts
+++ b/packages/extension-link/src/helpers/autolink.ts
@@ -35,6 +35,7 @@ type AutolinkOptions = {
   type: MarkType
   defaultProtocol: string
   validate: (url: string) => boolean
+  shouldAutoLink: (url: string) => boolean
 }
 
 /**
@@ -144,6 +145,8 @@ export function autolink(options: AutolinkOptions): Plugin {
             })
             // validate link
             .filter(link => options.validate(link.value))
+            // check whether should autolink
+            .filter(link => options.shouldAutoLink(link.value))
             // Add link mark.
             .forEach(link => {
               if (getMarksBetween(link.from, link.to, newState.doc).some(item => item.mark.type === options.type)) {
diff --git a/packages/extension-link/src/link.ts b/packages/extension-link/src/link.ts
index f78dc1db0b3..353e559799e 100644
--- a/packages/extension-link/src/link.ts
+++ b/packages/extension-link/src/link.ts
@@ -75,9 +75,21 @@ export interface LinkOptions {
   /**
    * A validation function that modifies link verification for the auto linker.
    * @param url - The url to be validated.
+   * @param ctx - An object containing:
+   *              - `defaultValidate`: A function that performs the default URL validation.
+   *              - `protocols`: An array of allowed protocols for the URL (e.g., "http", "https").
+   *              - `defaultProtocol`: A string that represents the default protocol (e.g. 'http')
    * @returns - True if the url is valid, false otherwise.
    */
-  validate: (url: string) => boolean
+  validate: (url: string, ctx: { defaultValidate: (url: string) => boolean, protocols: Array<LinkProtocolOptions | string>, defaultProtocol: string }) => boolean
+
+  /**
+   * Determines whether a valid link should be automatically linked in the content.
+   *
+   * @param url - The URL that has already been validated.
+   * @returns - True if the link should be auto-linked; false if it should not be auto-linked.
+   */
+  shouldAutoLink: (url: string) => boolean
 }
 
 declare module '@tiptap/core' {
@@ -169,7 +181,8 @@ export const Link = Mark.create<LinkOptions>({
         rel: 'noopener noreferrer nofollow',
         class: null,
       },
-      validate: url => !!url,
+      validate: (url, ctx) => !!isAllowedUri(url, ctx.protocols),
+      shouldAutoLink: url => !!url,
     }
   },
 
@@ -200,7 +213,7 @@ export const Link = Mark.create<LinkOptions>({
         const href = (dom as HTMLElement).getAttribute('href')
 
         // prevent XSS attacks
-        if (!href || !isAllowedUri(href, this.options.protocols)) {
+        if (!href || !this.options.validate(href, { defaultValidate: url => !!isAllowedUri(url, this.options.protocols), protocols: this.options.protocols, defaultProtocol: this.options.defaultProtocol })) {
           return false
         }
         return null
@@ -210,7 +223,7 @@ export const Link = Mark.create<LinkOptions>({
 
   renderHTML({ HTMLAttributes }) {
     // prevent XSS attacks
-    if (!isAllowedUri(HTMLAttributes.href, this.options.protocols)) {
+    if (!this.options.validate(HTMLAttributes.href, { defaultValidate: href => !!isAllowedUri(href, this.options.protocols), protocols: this.options.protocols, defaultProtocol: this.options.defaultProtocol })) {
       // strip out the href
       return ['a', mergeAttributes(this.options.HTMLAttributes, { ...HTMLAttributes, href: '' }), 0]
     }
@@ -250,8 +263,9 @@ export const Link = Mark.create<LinkOptions>({
           const foundLinks: PasteRuleMatch[] = []
 
           if (text) {
-            const { validate } = this.options
-            const links = find(text).filter(item => item.isLink && validate(item.value))
+            console.log(text)
+            const { validate, protocols, defaultProtocol } = this.options
+            const links = find(text).filter(item => item.isLink && validate(item.href, { defaultValidate: href => !!isAllowedUri(href, protocols), protocols, defaultProtocol }))
 
             if (links.length) {
               links.forEach(link => (foundLinks.push({
@@ -278,13 +292,15 @@ export const Link = Mark.create<LinkOptions>({
 
   addProseMirrorPlugins() {
     const plugins: Plugin[] = []
+    const { validate, protocols, defaultProtocol } = this.options
 
     if (this.options.autolink) {
       plugins.push(
         autolink({
           type: this.type,
           defaultProtocol: this.options.defaultProtocol,
-          validate: this.options.validate,
+          validate: url => validate(url, { defaultValidate: href => !!isAllowedUri(href, protocols), protocols, defaultProtocol }),
+          shouldAutoLink: this.options.shouldAutoLink,
         }),
       )
     }