From a49420353f10f3d951ee2f9613e322fb5ebfbbb3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?So=CC=88ren=20Hentzschel?= <kontakt@agenedia.com>
Date: Sun, 15 Sep 2019 12:45:05 +0200
Subject: [PATCH] enhanced URL validation method to optionally allow data:image
 URI for some policies, see #96

---
 .eslintrc.json              |  2 +-
 CHANGELOG.md                |  4 +++-
 src/js/core/configurator.js | 25 +++++++++++++++++++------
 3 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/.eslintrc.json b/.eslintrc.json
index c75fc42..01524d2 100644
--- a/.eslintrc.json
+++ b/.eslintrc.json
@@ -77,7 +77,7 @@
     "max-lines": "off",
     "max-lines-per-function": "off",
     "max-nested-callbacks": ["error", 4],
-    "max-params": ["error", 6],
+    "max-params": ["error", 7],
     "max-statements-per-line": "error",
     "max-statements": "off",
     "multiline-comment-style": "off",
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5b3043d..b160938 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,9 +6,11 @@
 
 #### Enhancements
 
-- Deprecation of Firefox 60. Firefox Browser 68 or higher is required now. Also Enterprise Policy Generator no longer
+- deprecation of Firefox 60. Firefox Browser 68 or higher is required now. Also Enterprise Policy Generator no longer
   shows minimum required Firefox version for policies older than Firefox 68.0, fixes
   [#80](https://github.com/cadeyrn/enterprise-policy-generator/issues/80)
+- enhanced URL validation method to optionally allow data:image URI for some policies, see
+  [#96](https://github.com/cadeyrn/enterprise-policy-generator/issues/96)
 
 #### Enterprise Policies
 
diff --git a/src/js/core/configurator.js b/src/js/core/configurator.js
index 4c91e1e..4b82368 100644
--- a/src/js/core/configurator.js
+++ b/src/js/core/configurator.js
@@ -372,7 +372,7 @@ const configurator = {
    */
   validateUrlFields (e) {
     // the URL field has a valid URL, hide visual indication
-    if (!e.target.value || configurator.isValidURL(e.target.value)) {
+    if (!e.target.value || configurator.isValidURL(e.target.value, e.target.getAttribute('data-data-uri-allowed'))) {
       e.target.classList.remove('invalid-url-style');
       e.target.parentNode.querySelector('.invalid-url-label').classList.add('hidden');
     }
@@ -387,11 +387,16 @@ const configurator = {
    * Tests if a given string is a valid URL.
    *
    * @param {string} string - the string to check
+   * @param {boolean} dataUriAllowed - whether data URIs are allowed or not
    *
    * @returns {boolean} - whether the given string is a valid URL or not
    */
-  isValidURL (string) {
-    const pattern = new RegExp(/^https?:\/\//, 'gi');
+  isValidURL (string, dataUriAllowed) {
+    let pattern = new RegExp(/^https?:\/\//, 'gi');
+
+    if (dataUriAllowed) {
+      pattern = new RegExp(/^(https?:\/\/|data:image\/)/, 'gi');
+    }
 
     return pattern.test(encodeURI(string));
   },
@@ -687,10 +692,13 @@ const configurator = {
         configurator.addObjectArrayProperty(el, parentName, policy);
         break;
       case 'string':
-        configurator.addStringProperty(el, parentName, policy, false, isArrayProperty, hideArrayActionLinks);
+        configurator.addStringProperty(el, parentName, policy, false, false, isArrayProperty, hideArrayActionLinks);
         break;
       case 'url':
-        configurator.addStringProperty(el, parentName, policy, true, isArrayProperty, hideArrayActionLinks);
+        configurator.addStringProperty(el, parentName, policy, true, false, isArrayProperty, hideArrayActionLinks);
+        break;
+      case 'urlOrData':
+        configurator.addStringProperty(el, parentName, policy, true, true, isArrayProperty, hideArrayActionLinks);
         break;
       default:
       // do nothing
@@ -918,12 +926,13 @@ const configurator = {
    * @param {string} parentName - the name of the parent policy object
    * @param {Object} policy - the policy object
    * @param {boolean} isUrl - if true, the property is of the type "url", otherwise it's of the type "string"
+   * @param {boolean} dataUriAllowed - if true, data URIs are allowed as input, only considered if isUrl is true
    * @param {boolean} isArrayProperty - whether this call is within an array field or not
    * @param {boolean} hideArrayActionLinks - whether this is an array item but no action links should be added
    *
    * @returns {void}
    */
-  addStringProperty (el, parentName, policy, isUrl, isArrayProperty, hideArrayActionLinks) {
+  addStringProperty (el, parentName, policy, isUrl, dataUriAllowed, isArrayProperty, hideArrayActionLinks) {
     const elObjectWrapper = document.createElement('div');
     elObjectWrapper.classList.add('input');
 
@@ -935,6 +944,10 @@ const configurator = {
 
     if (isUrl) {
       elInput.setAttribute('type', 'url');
+
+      if (dataUriAllowed) {
+        elInput.setAttribute('data-data-uri-allowed', 'true');
+      }
     }
     else {
       elInput.setAttribute('type', 'text');