Utility functions for working with trusted content sources specified
by a theme's AppConfig and used by the showdown iframe embedding and visualization
panel.
- Since:
- Source:
Methods
getDefaultIframePermissions() → {Array.<string>}
Get the default iframe sandbox permissions from app config.
Falls back to TrustedContentUtilities.DEFAULT_PERMISSIONS when
not configured.
- Since:
- Source:
Returns:
Default iframe sandbox permissions.
-
Type
-
Array.<string>
getTrustedContentSource(url) → {Object|null}
Resolve the trusted content source entry that matches the given URL.
Parameters:
| Name |
Type |
Description |
url |
string
|
The URL to test. |
- Since:
- Source:
Returns:
Matching trusted source entry, or null when no match is found.
-
Type
-
Object
|
null
getTrustedIframeSandbox(url) → {string|null}
Resolve the sandbox permissions for a trusted iframe URL.
Parameters:
| Name |
Type |
Description |
url |
string
|
The URL to test. |
- Since:
- Source:
Returns:
The sandbox permissions string, or null when untrusted.
-
Type
-
string
|
null
isHttpUrl(url) → {boolean}
Return true when the URL uses the `http:` or `https:` protocol.
Parameters:
| Name |
Type |
Description |
url |
string
|
URL to validate. |
- Since:
- Source:
Returns:
`true` when protocol is HTTP(S).
-
Type
-
boolean
isTrustedUrl(url) → {boolean}
Test whether a URL is trusted according to the app's
`trustedContentSources` configuration.
A URL is trusted when all of the following hold:
- `trustedContentSources` is non-empty
- The URL is syntactically valid
- The URL uses the `http:` or `https:` protocol
- The URL matches at least one `trustedContentSources` pattern
Parameters:
| Name |
Type |
Description |
url |
string
|
The URL to test. |
- Since:
- Source:
Returns:
`true` when the URL is trusted.
-
Type
-
boolean
normalizeTrustedContentSource(source) → {Object|null}
Normalize a trusted content source entry to a consistent shape.
Parameters:
| Name |
Type |
Description |
source |
string
|
Object
|
Source entry from configuration. |
- Since:
- Source:
Returns:
Normalized source object or null when invalid.
-
Type
-
Object
|
null
patternToRegex(wildcardPattern) → {RegExp}
Convert a URL pattern with wildcards to a RegExp.
The protocol (if present) is extracted and escaped separately so that
"https://" in a pattern only matches HTTPS URLs, not HTTP.
Parameters:
| Name |
Type |
Description |
wildcardPattern |
string
|
The pattern, which may include "*" wildcards. |
- Since:
- Source:
Returns:
Case-insensitive regex that matches the full URL.
-
Type
-
RegExp