Merge pull request #1218 from basecamp/refactor-xss-fix

Refactor link XSS patch
basecamp · Dec 20, 2024 · c4f0d6f · c4f0d6f
2 parents 180c8d3 + c707f41
commit c4f0d6f
Showing 1 changed file with 11 additions and 10 deletions.
diff --git a/src/trix/controllers/toolbar_controller.js b/src/trix/controllers/toolbar_controller.js
@@ -208,19 +208,20 @@ export default class ToolbarController extends BasicObject {
     const attributeName = getAttributeName(dialogElement)
     const input = getInputForDialog(dialogElement, attributeName)
 
-    input.willValidate && input.setCustomValidity("")
-    if (input.willValidate && !input.checkValidity() || !this.safeAttribute(input)) {
-      input.setCustomValidity("Invalid value")
-      input.setAttribute("data-trix-validate", "")
-      input.classList.add("trix-validate")
-      return input.focus()
-    } else {
-      this.delegate?.toolbarDidUpdateAttribute(attributeName, input.value)
-      return this.hideDialog()
+    if (input.willValidate) {
+      input.setCustomValidity("")
+      if (!input.checkValidity() || !this.isSafeAttribute(input)) {
+        input.setCustomValidity("Invalid value")
+        input.setAttribute("data-trix-validate", "")
+        input.classList.add("trix-validate")
+        return input.focus()
+      }
     }
+    this.delegate?.toolbarDidUpdateAttribute(attributeName, input.value)
+    return this.hideDialog()
   }
 
-  safeAttribute(input) {
+  isSafeAttribute(input) {
     if (input.hasAttribute("data-trix-validate-href")) {
       return DOMPurify.isValidAttribute("a", "href", input.value)
     } else {