diff --git a/src/components/views/context_menus/MessageContextMenu.js b/src/components/views/context_menus/MessageContextMenu.js index ab30c342d0..11f14f367e 100644 --- a/src/components/views/context_menus/MessageContextMenu.js +++ b/src/components/views/context_menus/MessageContextMenu.js @@ -1,5 +1,6 @@ /* Copyright 2015, 2016 OpenMarket Ltd +Copyright 2018 New Vector Ltd Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -26,6 +27,7 @@ import Modal from 'matrix-react-sdk/lib/Modal'; import Resend from "matrix-react-sdk/lib/Resend"; import SettingsStore from "matrix-react-sdk/lib/settings/SettingsStore"; import {makeEventPermalink} from 'matrix-react-sdk/lib/matrix-to'; +import { isUrlPermitted } from 'matrix-react-sdk/lib/HtmlUtils'; module.exports = React.createClass({ displayName: 'MessageContextMenu', @@ -291,13 +293,16 @@ module.exports = React.createClass({ } // Bridges can provide a 'external_url' to link back to the source. - if (typeof(this.props.mxEvent.event.content.external_url) === "string") { + if ( + typeof(this.props.mxEvent.event.content.external_url) === "string" && + isUrlPermitted(this.props.mxEvent.event.content.external_url) + ) { externalURLButton = (
{ _t('Source URL') } + rel="noopener" target="_blank" onClick={this.closeMenu}>{ _t('Source URL') }
- ); + ); }