Merge pull request #35 from gtsp233/patch-1

validate url to prevent xss

packages/mtbird-helper-extension/src/helpers.ts

@@ -12,6 +12,10 @@ export const generateEventHandler = (store: any, params: IContribute) => {
         store.actions.toggleModal(params.feature, params);
         break;
       case "link":
+        const isJavaScriptProtocol = /^[\u0000-\u001F ]*j[\r\n\t]*a[\r\n\t]*v[\r\n\t]*a[\r\n\t]*s[\r\n\t]*c[\r\n\t]*r[\r\n\t]*i[\r\n\t]*p[\r\n\t]*t[\r\n\t]*\:/i
+        if (isJavaScriptProtocol.test(params.href)) {
+            break;
+        }
         window.open(params.href);
         break;
     }