Namespace: TrustedContentUtilities

TrustedContentUtilities

Utility functions for working with trusted content sources specified by a theme's AppConfig and used by the showdown iframe embedding and visualization panel.
Since:
  • 2.37.0
Source:

Methods

getDefaultIframePermissions() → {Array.<string>}

Get the default iframe sandbox permissions from app config. Falls back to TrustedContentUtilities.DEFAULT_PERMISSIONS when not configured.
Since:
  • 2.33.0
Source:
Returns:
Default iframe sandbox permissions.
Type
Array.<string>

getTrustedContentSource(url) → {Object|null}

Resolve the trusted content source entry that matches the given URL.
Parameters:
Name Type Description
url string The URL to test.
Since:
  • 2.37.0
Source:
Returns:
Matching trusted source entry, or null when no match is found.
Type
Object | null

getTrustedIframeSandbox(url) → {string|null}

Resolve the sandbox permissions for a trusted iframe URL.
Parameters:
Name Type Description
url string The URL to test.
Since:
  • 2.37.0
Source:
Returns:
The sandbox permissions string, or null when untrusted.
Type
string | null

isHttpUrl(url) → {boolean}

Return true when the URL uses the `http:` or `https:` protocol.
Parameters:
Name Type Description
url string URL to validate.
Since:
  • 2.37.0
Source:
Returns:
`true` when protocol is HTTP(S).
Type
boolean

isTrustedUrl(url) → {boolean}

Test whether a URL is trusted according to the app's `trustedContentSources` configuration. A URL is trusted when all of the following hold: - `trustedContentSources` is non-empty - The URL is syntactically valid - The URL uses the `http:` or `https:` protocol - The URL matches at least one `trustedContentSources` pattern
Parameters:
Name Type Description
url string The URL to test.
Since:
  • 2.37.0
Source:
Returns:
`true` when the URL is trusted.
Type
boolean

normalizeTrustedContentSource(source) → {Object|null}

Normalize a trusted content source entry to a consistent shape.
Parameters:
Name Type Description
source string | Object Source entry from configuration.
Since:
  • 2.37.0
Source:
Returns:
Normalized source object or null when invalid.
Type
Object | null

patternToRegex(wildcardPattern) → {RegExp}

Convert a URL pattern with wildcards to a RegExp. The protocol (if present) is extracted and escaped separately so that "https://" in a pattern only matches HTTPS URLs, not HTTP.
Parameters:
Name Type Description
wildcardPattern string The pattern, which may include "*" wildcards.
Since:
  • 2.37.0
Source:
Returns:
Case-insensitive regex that matches the full URL.
Type
RegExp