From 9ca27c62c7820bd664a1fc638595636d84b4ec29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20Andr=C3=A9-Micolon?= Date: Sat, 29 Jul 2023 11:02:15 +0300 Subject: [PATCH] feat: add support for simplePDF in Web-Embeds (#6810) --- src/components/App.tsx | 2 +- src/element/embeddable.ts | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/components/App.tsx b/src/components/App.tsx index 4b68fd15..4c202441 100644 --- a/src/components/App.tsx +++ b/src/components/App.tsx @@ -941,7 +941,7 @@ class App extends React.Component { title="Excalidraw Embedded Content" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowFullScreen={true} - sandbox="allow-same-origin allow-scripts allow-forms allow-popups allow-popups-to-escape-sandbox allow-presentation" + sandbox="allow-same-origin allow-scripts allow-forms allow-popups allow-popups-to-escape-sandbox allow-presentation allow-downloads" /> )} diff --git a/src/element/embeddable.ts b/src/element/embeddable.ts index 08988b28..80585bc7 100644 --- a/src/element/embeddable.ts +++ b/src/element/embeddable.ts @@ -55,6 +55,7 @@ const ALLOWED_DOMAINS = new Set([ "link.excalidraw.com", "gist.github.com", "twitter.com", + "*.simplepdf.eu", "stackblitz.com", "val.town", ]); @@ -274,9 +275,16 @@ const validateHostname = ( const { hostname } = new URL(url); const bareDomain = hostname.replace(/^www\./, ""); + const bareDomainWithFirstSubdomainWildcarded = bareDomain.replace( + /^([^.]+)/, + "*", + ); if (allowedHostnames instanceof Set) { - return ALLOWED_DOMAINS.has(bareDomain); + return ( + ALLOWED_DOMAINS.has(bareDomain) || + ALLOWED_DOMAINS.has(bareDomainWithFirstSubdomainWildcarded) + ); } if (bareDomain === allowedHostnames.replace(/^www\./, "")) {