@forge/manifest
12.1.0-next.112.1.0-next.2
out/validators/permissions-validator.jsout/validators/permissions-validator.js+5−5
Index: package/out/validators/permissions-validator.js
===================================================================
--- package/out/validators/permissions-validator.js
+++ package/out/validators/permissions-validator.js
@@ -27,20 +27,20 @@
class PermissionsValidator {
remotesHasValidEntryForKey(remoteMap, key) {
return (remoteMap !== undefined &&
remoteMap.has(key) &&
- (remoteMap.get(key) === null || this.isValidURL(remoteMap.get(key))));
+ (remoteMap.get(key) === null || this.isValidURL(remoteMap.get(key), false)));
}
- isValidURL(inputURL) {
+ isValidURL(inputURL, allowGlobalUrl) {
const protocolRegex = /^(.*?:\/\/)/;
const validURI = /^(\*\.)?[.a-zA-Z0-9_\-\/:~#%?=&]+$/;
const allowedProtocols = ['https:', 'wss:'];
const MAX_URL_LENGTH = 1000;
if (inputURL.length > MAX_URL_LENGTH) {
return false;
}
- if (inputURL === '*') {
- return true;
+ if (inputURL === egress_types_1.GLOBAL_URL) {
+ return allowGlobalUrl;
}
const customURLSchemeRegex = /^[a-zA-Z]+:(\\\\)?/;
if (customURLSchemeRegex.test(inputURL) &&
![...exports.PROTOCOL_BLOCKLIST, 'http'].some((protocol) => inputURL.startsWith(protocol)) &&
@@ -80,9 +80,9 @@
});
});
}
validateExternalPermissionURLs(result, extPermType, perms, manifest) {
- const invalidPerms = perms?.filter((key) => !this.isValidURL(key));
+ const invalidPerms = perms?.filter((key) => !this.isValidURL(key, true));
if (invalidPerms?.length) {
this.addValidationErrors(result, extPermType, invalidPerms, manifest);
}
const globalUrl = perms?.find((key) => key === egress_types_1.GLOBAL_URL);