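'use strict';

function _classCallCheck(instance, Constructor) {
  if (!(instance instanceof Constructor)) {
    throw new TypeError("Cannot call a class as a function");
  }
}

/**
 * Licensed Materials - Property of IBM
 * IBM Business Analytics (C) Copyright IBM Corp. 2019
 * US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
 */

/**
 * @class DomainValidator
 * @hideconstructor
 * @classdesc Checks URLs against a configured allow-list of hosts. The
 * list is a comma-separated string of `host[:port]` entries; a leading
 * `.` admits exactly one extra subdomain label and a leading `*.` admits
 * any depth of subdomains.
 *
 * Security notes for callers:
 *  - With no list configured (empty value or 'myDefault'), isAllowedDomain
 *    accepts every host. Deployments that rely on this check must set a list.
 *  - isAllowedDomain does not judge the scheme; pair it with
 *    isAllowedProtocol.
 *  - The authority is split on ':' so bracketed IPv6 literals are not
 *    supported and will not match any entry.
 */
define([], function () {
  // Browsers drop tabs and newlines anywhere in a URL, and control
  // characters or spaces at either end, before parsing it. The validator
  // must do the same or it would judge a different string than the one
  // the browser navigates to.
  var TAB_OR_NEWLINE = /[\t\n\r]/g;
  var EDGE_CONTROL_OR_SPACE = /^[\u0000-\u0020]+|[\u0000-\u0020]+$/g;
  // A scheme only counts when it is at the very start of the URL.
  var SCHEME = /^([a-z][a-z0-9+.\-]*):/;
  // Schemes for which browsers treat '\' as '/' and skip extra slashes
  // in front of the authority.
  var SLASH_TOLERANT_SCHEME = /^(?:https?|wss?|ftp)$/;
  var LEADING_SLASHES = /^[\/\\]*/;
  // The authority ends at the first path, query or fragment delimiter.
  // '\' is included because browsers treat it as '/' for web schemes.
  var AUTHORITY_END = /[\/\\?#]/;

  /** Host and port of the page that is running this code. */
  function pageTarget() {
    return { hostname: window.location.hostname, port: window.location.port };
  }

  /**
   * Works out which host and port a URL points at.
   *
   * @param {string} url - URL as supplied by the caller.
   * @returns {?{hostname: string, port: (string|undefined)}} The target,
   *   the current page's host for a relative URL, or null when the target
   *   cannot be determined safely.
   */
  function resolveTarget(url) {
    var candidate = url.toLowerCase()
      .replace(TAB_OR_NEWLINE, '')
      .replace(EDGE_CONTROL_OR_SPACE, '');
    var schemeMatch = SCHEME.exec(candidate);
    var scheme = schemeMatch ? schemeMatch[1] : null;
    var rest = schemeMatch ? candidate.substring(schemeMatch[0].length) : candidate;
    var authorityStart = -1;

    if (scheme === null || SLASH_TOLERANT_SCHEME.test(scheme)) {
      var slashes = LEADING_SLASHES.exec(rest)[0].length;
      if (slashes >= 2) {
        // Covers 'https://host', protocol-relative '//host' and the
        // backslash or extra-slash spellings browsers accept for them.
        authorityStart = slashes;
      } else if (scheme !== null) {
        // 'https:host' or 'https:/host': whether this names a host or a
        // relative path depends on the page's own scheme, so fail closed.
        return null;
      }
    } else if (rest.indexOf('//') === 0) {
      authorityStart = 2;
    }

    if (authorityStart === -1) {
      // Relative reference, or a scheme without an authority (for example
      // 'mailto:'): checked against the current page's host.
      return pageTarget();
    }

    var authority = rest.substring(authorityStart);
    var end = authority.search(AUTHORITY_END);
    if (end !== -1) {
      authority = authority.substring(0, end);
    }
    // User info runs up to the LAST '@' of the authority.
    var at = authority.lastIndexOf('@');
    if (at !== -1) {
      authority = authority.substring(at + 1);
    }
    var hostAndPort = authority.split(':');
    return { hostname: hostAndPort[0], port: hostAndPort[1] };
  }

  /**
   * Tests one allow-list entry against a host and port.
   *
   * @param {Object} entry - Entry built by init().
   * @param {string} hostname - Lower-case host to test.
   * @param {(string|undefined)} port - Port of the URL, if any.
   * @returns {boolean} True when the entry admits the host.
   */
  function entryMatches(entry, hostname, port) {
    // An entry that names a port only matches that exact port.
    if (entry.port && entry.port !== port) {
      return false;
    }
    if (entry.hostname === hostname) {
      return true;
    }
    if (!entry.allowFirstSubDomain) {
      return false;
    }
    var suffix = '.' + entry.hostname;
    var labelLength = hostname.length - suffix.length;
    // Require at least one character in front of the fixed suffix so that
    // a bare '.example.test' is not accepted as a subdomain.
    if (labelLength <= 0 || hostname.substring(labelLength) !== suffix) {
      return false;
    }
    if (entry.allowAllSubDomains) {
      return true;
    }
    // '.host' entries admit one extra label only.
    return hostname.substring(0, labelLength).indexOf('.') === -1;
  }

  var DomainValidator = function () {
    /**
     * @param {string} [configValue] - Comma-separated allow-list; see init().
     */
    function DomainValidator(configValue) {
      _classCallCheck(this, DomainValidator);

      this._validDomainListInitialized = false;
      this._validDomainList = null; // null means "no restriction configured"
      this._validDomains = '';
      this.init(configValue);
    }

    /**
     * Parses the allow-list. An empty value or the literal 'myDefault'
     * leaves the validator unrestricted.
     *
     * @param {string} [configValue] - Entries such as 'host', 'host:port',
     *   '.host' (one subdomain level) or '*.host' (any subdomain depth).
     */
    DomainValidator.prototype.init = function init(configValue) {
      var entries;

      this._validDomainListInitialized = true;
      if (!configValue || configValue === 'myDefault') {
        return;
      }
      this._validDomains = configValue;
      entries = this._validDomainList = [];
      configValue.toLowerCase().split(',').forEach(function (host) {
        var hostAndPort = host.trim().split(':');
        var hostname = hostAndPort[0];
        var allowAllSubDomains = false;
        var allowFirstSubDomain = false;

        if (hostname.indexOf('*.') === 0) {
          allowAllSubDomains = true;
          allowFirstSubDomain = true;
          hostname = hostname.substring(2);
        } else if (hostname.indexOf('.') === 0) {
          allowFirstSubDomain = true;
          hostname = hostname.substring(1);
        }
        // A blank entry (for example from a trailing comma) would match
        // URLs whose host parses as empty, so it is dropped.
        if (!hostname) {
          return;
        }
        entries.push({
          hostname: hostname,
          port: hostAndPort[1],
          allowFirstSubDomain: allowFirstSubDomain,
          allowAllSubDomains: allowAllSubDomains
        });
      });
    };

    /**
     * Reports whether the host a URL points at is on the allow-list.
     * Relative URLs are checked against the current page's host. Returns
     * true for every URL when no list has been configured.
     *
     * @param {string} url - URL to check.
     * @returns {boolean} True when the target host is allowed.
     */
    DomainValidator.prototype.isAllowedDomain = function isAllowedDomain(url) {
      if (!url || !this._validDomainListInitialized) {
        return false;
      }
      if (!this._validDomainList) {
        // If a valid domain list has not been specified, then all domains are valid.
        return true;
      }

      var target = resolveTarget(url);
      if (!target || !target.hostname) {
        return false;
      }
      return this._validDomainList.some(function (validDomainEntry) {
        return entryMatches(validDomainEntry, target.hostname, target.port);
      });
    };

    /**
     * @returns {string} The allow-list string as it was configured, or ''
     *   when none was set.
     */
    DomainValidator.prototype.getAllowedDomains = function getAllowedDomains() {
      return this._validDomains;
    };

    /**
     * Reports whether a URL uses an accepted scheme prefix.
     *
     * @param {string} url - URL to check.
     * @returns {boolean} True only for URLs that start with 'https://' or
     *   with '//' (which inherits the containing page's scheme). Everything
     *   else, including 'http://', is rejected.
     */
    DomainValidator.prototype.isAllowedProtocol = function isAllowedProtocol(url) {
      if (!url) {
        return false;
      }
      var lowered = url.toLowerCase();
      return lowered.indexOf('https://') === 0 || lowered.indexOf('//') === 0;
    };

    return DomainValidator;
  }();

  return DomainValidator;
});
//# sourceMappingURL=DomainValidator.js.map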