From e152a59034a93272eb7bb983187efcb7ba23224d Mon Sep 17 00:00:00 2001
From: Grant <149294029+gtsp233@users.noreply.github.com>
Date: Mon, 22 Jan 2024 02:04:43 -0500
Subject: [PATCH] validate url to prevent xss

---
 packages/mtbird-helper-extension/src/helpers.ts | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/packages/mtbird-helper-extension/src/helpers.ts b/packages/mtbird-helper-extension/src/helpers.ts
index d602f44..0aa1e52 100644
--- a/packages/mtbird-helper-extension/src/helpers.ts
+++ b/packages/mtbird-helper-extension/src/helpers.ts
@@ -12,6 +12,10 @@ export const generateEventHandler = (store: any, params: IContribute) => {
 store.actions.toggleModal(params.feature, params);
 break;
 case "link":
+ const isJavaScriptProtocol = /^[\u0000-\u001F ]*j[\r\n\t]*a[\r\n\t]*v[\r\n\t]*a[\r\n\t]*s[\r\n\t]*c[\r\n\t]*r[\r\n\t]*i[\r\n\t]*p[\r\n\t]*t[\r\n\t]*\:/i
+ if (isJavaScriptProtocol.test(params.href)) {
+ break;
+ }
 window.open(params.href);
 break;
 }
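Review bot: The new guard is a denylist that recognizes only the `javascript:` scheme, so the `window.open(params.href)` that follows still accepts any other scheme and any malformed value; the more robust shape is an allowlist that parses the target with `new URL(params.href, window.location.href)` and opens it only when `protocol` is `http:` or `https:`, which also covers the type of `params.href` (IContribute is not visible here, so whether `href` can be undefined is unknown). Separately, `const isJavaScriptProtocol` is declared directly inside `case "link":` without braces, so the binding lives in the whole switch scope; either wrap the case body in `{ … }` or hoist the regex to a module-level constant so it is not recompiled on every call. Passing `"_blank", "noopener,noreferrer"` to `window.open` would additionally keep the opened page from holding a reference to this window. The enclosing `generateEventHandler` arrow function starts before the hunk (only its signature appears in the `@@` context line) and the `switch` closes inside it.
```typescript
    case "link": {
      // Allowlist: only http(s) targets are opened; unparsable hrefs and every other scheme are dropped
      let target: URL;
      try {
        target = new URL(params.href, window.location.href);
      } catch {
        break;
      }
      if (target.protocol !== "http:" && target.protocol !== "https:") {
        break;
      }
      window.open(target.href, "_blank", "noopener,noreferrer");
      break;
    }
    // … unchanged: closing of the switch …
```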