botframework-webchat-component

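"use strict";

Object.defineProperty(exports, "__esModule", {
  value: true
});
exports.default = createDefaultCardActionMiddleware;

var _detectBrowser = require("../../Utils/detectBrowser");

// This code is adapted from sanitize-html/naughtyScheme.
// sanitize-html is a dependency of Web Chat but the naughtyScheme function is neither exposed nor reusable.
// https://github.com/apostrophecms/sanitize-html/blob/master/src/index.js#L526

/**
 * Returns the lower-cased scheme of a URL, as seen after stripping the
 * characters that browsers skip when they parse a URL.
 *
 * @param {*} href - URL to inspect. Card action payloads are untrusted, so
 *   anything that is not a string is treated as having no scheme.
 * @returns {string|undefined} The scheme without the trailing colon, or
 *   `undefined` for a protocol-relative URL, a URL without a scheme, or a
 *   non-string input.
 */
function getScheme(href) {
  // A card action may arrive without a value, or with a non-string one.
  // Calling .replace() on it would throw inside the middleware, so report
  // "no scheme" and let the caller refuse the URL.
  if (typeof href !== 'string') {
    return;
  }

  // Browsers ignore character codes of 32 (space) and below in a surprising
  // number of situations. Start reading here:
  // https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Embedded_tab

  /* eslint-disable-next-line no-control-regex */
  href = href.replace(/[\0- ]+/g, '');

  // Clobber any comments in URLs, which the browser might
  // interpret inside an XML data island, allowing
  // a javascript: URL to be snuck through
  href = href.replace(/<!\x2D\x2D(?:[\0-\t\x0B\f\x0E-\u2027\u202A-\uD7FF\uE000-\uFFFF]|[\uD800-\uDBFF][\uDC00-\uDFFF]|[\uD800-\uDBFF](?![\uDC00-\uDFFF])|(?:[^\uD800-\uDBFF]|^)[\uDC00-\uDFFF])*?\x2D\x2D>/g, '');

  // Case insensitive so we don't get faked out by JAVASCRIPT #1
  var matches = href.match(/^([A-Za-z]+):/);

  if (!matches) {
    // Protocol-relative URL or no scheme
    return;
  }

  return matches[1].toLowerCase();
}

// Schemes a card action is allowed to navigate to. Every other scheme is
// refused, including URLs for which getScheme() finds no scheme at all.
// NOTE(review): `data` is on the list. A data: URL carries its own content,
// so a bot-supplied value can present arbitrary markup to the user; confirm
// that some card type really needs it before keeping it.
var ALLOWED_SCHEMES = ['data', 'http', 'https', 'ftp', 'mailto', 'sip', 'tel'];

/**
 * Creates the default card action middleware.
 *
 * The middleware handles the URL-opening card actions (`call`,
 * `downloadFile`, `openUrl`, `playAudio`, `playVideo`, `showImage`) and
 * `signin`. Every other action type is passed to `next` unchanged.
 *
 * @returns {Function[]} An array holding the single middleware factory.
 */
function createDefaultCardActionMiddleware() {
  return [function () {
    return function (next) {
      return function () {
        var args = Array.prototype.slice.call(arguments);
        var _args$ = args[0],
            _args$$cardAction = _args$.cardAction,
            type = _args$$cardAction.type,
            value = _args$$cardAction.value,
            getSignInUrl = _args$.getSignInUrl;

        switch (type) {
          case 'call':
          case 'downloadFile':
          case 'openUrl':
          case 'playAudio':
          case 'playVideo':
          case 'showImage':
            if (ALLOWED_SCHEMES.includes(getScheme(value))) {
              if (_detectBrowser.ie11) {
                var newWindow = window.open();

                if (newWindow) {
                  // Detach the opener before navigating, so the target page
                  // gets no handle on this window.
                  newWindow.opener = null;
                  newWindow.location = value;
                } else {
                  // window.open() returns null when the popup is blocked.
                  console.warn('botframework-webchat: Cannot open a new window for the URL.', value);
                }
              } else {
                window.open(value, '_blank', 'noopener noreferrer');
              }
            } else {
              console.warn('botframework-webchat: Cannot open URL with disallowed schemes.', value);
            }

            break;

          case 'signin':
            {
              /**
               * @todo TODO: [P3] We should prime the URL into the OAuthCard directly, instead of calling getSessionId on-demand
               *       This is to eliminate the delay between window.open() and location.href call
               */
              // The window is opened first and navigated once the sign-in URL
              // is known. It keeps its opener reference until then.
              // NOTE(review): confirm whether the sign-in page needs
              // window.opener; if it does not, clear it before navigating.
              var popup = window.open();

              if (!popup) {
                // Blocked popup: there is no window to show the sign-in page
                // in, so do not request a sign-in URL at all.
                console.warn('botframework-webchat: Cannot open a new window for sign-in.');
                break;
              }

              // The executor runs synchronously, so getSignInUrl() is still
              // called right after window.open(), and a synchronous throw
              // becomes a rejection handled below.
              new Promise(function (resolve) {
                resolve(getSignInUrl());
              }).then(function (url) {
                // The blank popup shares this page's origin until it is
                // navigated. A script-bearing URL assigned to its location
                // would therefore run with the host page's privileges, so the
                // sign-in URL gets the same scheme check as every other URL.
                if (ALLOWED_SCHEMES.includes(getScheme(url))) {
                  popup.location.href = url;
                } else {
                  console.warn('botframework-webchat: Cannot open URL with disallowed schemes.', url);
                  popup.close();
                }
              }).catch(function (error) {
                // Do not leave an empty window behind, and do not let the
                // failure surface as an unhandled rejection.
                console.warn('botframework-webchat: Cannot get the sign-in URL.', error);
                popup.close();
              });
              break;
            }

          default:
            return next.apply(void 0, args);
        }
      };
    };
  }];
}

// The inline source map emitted by the build is omitted from this listing:
// its mappings describe the original build output, not this reformatted code.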