fix(settings): fixed two IPFS gateway issues

[HowardBraham]

Explanation

• adds back in two bugfixes that were originally in feat(srp): add a quiz to the SRP reveal #19283

  • fixes [Bug]: IPFS Gateway input not validated and seeing the encoded value on Advanced Settings #16871
  • fixes [Bug]: When editing the IPFS Gateway URL - land on MetaMask encountered an error page #18140

• achieves 100% code coverage for /ui/pages/settings/security-tab

• removes the npm package valid-url, which has not been updated in 10 years

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[codecov]

Codecov Report

Merging #19700 (777c5bf) into develop (e02f597) will increase coverage by 0.33%.
The diff coverage is 81.94%.

❗ Current head 777c5bf differs from pull request most recent head a82362e. Consider uploading reports for the commit a82362e to get more accurate results

@@             Coverage Diff             @@
##           develop   #19700      +/-   ##
===========================================
+ Coverage    68.84%   69.17%   +0.33%     
===========================================
  Files          993      994       +1     
  Lines        38258    38271      +13     
  Branches     10248    10251       +3     
===========================================
+ Hits         26338    26472     +134     
+ Misses       11920    11799     -121     

Files Changed	Coverage Δ
ui/pages/keychains/reveal-seed.js	98.75% <ø> (+1.22%)	⬆️
...c-method-middleware/handlers/add-ethereum-chain.js	9.15% <21.43%> (+0.49%)	⬆️
app/scripts/lib/util.ts	90.62% <92.31%> (+34.55%)	⬆️
...ttings/networks-tab/networks-form/networks-form.js	81.82% <100.00%> (-0.06%)	⬇️
...es/settings/security-tab/security-tab.component.js	100.00% <100.00%> (+22.83%)	⬆️

... and 6 files with indirect coverage changes

[socket-security]

Removed dependencies detected. Learn more about Socket for GitHub ↗︎

🚮 Removed packages: [email protected]

[NidhiKJha]

Valid-url removal is really nice. Though I can still enter IPFS with spaces. We need to validate that?

256262783-ecfb30b2-cc4a-4a3d-80eb-e4853af45734.mov

[HowardBraham]

Valid-url removal is really nice. Though I can still enter IPFS with spaces. We need to validate that?

This is a tricky situation, because a URL actually can have a %20 space in it. Is it done a lot? No.

How do we handle this in other places?

[Gudahtt]

Spaces are allowed in the path, but not the origin. We need to retain some amount of validation here to protect users from accidentally entering invalid URLs.

Elsewhere we validate using the URL constructor. Might that work here?

[HowardBraham]

@Gudahtt it's actually already validating through URL

Try new URL('https://a b'), it doesn't produce an error

I'm not actually sure if https://a%20b.com/ is a valid URL, I can't find any clear documentation

[HowardBraham]

@Gudahtt @NidhiKJha update... you cannot have a domain name with an encoded space in it because % is not a valid character. But... URL behaves differently in Node and browser!

• Node new URL('https://a b.com') gives an error
• Browser new URL('https://a b.com') is fine

Options:

1. Validate with another package, maybe is-url-http or url
2. Validate with a regex

Any preferences?

[HowardBraham]

@Gudahtt @NidhiKJha I fixed the URL validation this way:

const url = new URL(urlString);

if (url.hostname !== decodeURIComponent(url.hostname)) {
  return null; // will happen if there's a %, a space, or other invalid character in the hostname
}

It also now incorporates the changes from #20172

Hopefully should be good to approve and merge now

[legobeat]

Looking this function properly for the first time, it was introduced in #14272.

I find these magic values problematic. What about foo.localhost, localhost.localdomain, self-mapped hostnames, or other loopback addresses like ::1 (i see this in particular regularly tripping people up) or the rest of 127.0.0.0/8? Sure it's usually possible to work around but seems arbitrary and could be a potential cause of hair-pulling in places. So this may need to be revised (possibly even resulting in new user-facing-preference(s)?). Heck, if someone wants to run a block explorer over file:// or some protocol we're not having in mind right now, why not let them?

While the changes in this PR still look like an improvement and resolving that aspect is probably out of scope here, moving this function out to util.ts invites use from other parts of the code, so perhaps it can be moved back and unexported for now?

[HowardBraham]

Yeah I see what you mean... it's better, but not good enough to put in util. I moved the new version of it back to add-ethereum-chain.js.

[metamaskbot]

Builds ready [5050bc2]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4
  • common: 0, 1, 2, 3, 4, 5
  • content-script: 0
  • contentscript: contentscript
  • disable-console: disable-console
  • inpage: inpage
  • policy-load: policy-load
  • sentry-install: sentry-install
  • ui: 0, 1, 10, 11, 12, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (1515 ± 58 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	106	189	127	19	9
		domContentLoaded	1361	1848	1514	120	58
		load	1361	1848	1515	120	58
		domInteractive	1361	1848	1514	120	58

Bundle size diffs [🚀 Bundle size reduced!]

• background: -60 Bytes (-0.00%)
• ui: -120 Bytes (-0.00%)
• common: -1 KiB (-0.03%)

[metamaskbot]

Builds ready [777c5bf]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4
  • common: 0, 1, 2, 3, 4, 5
  • content-script: 0
  • contentscript: contentscript
  • disable-console: disable-console
  • inpage: inpage
  • policy-load: policy-load
  • sentry-install: sentry-install
  • ui: 0, 1, 10, 11, 12, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (1472 ± 50 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	106	191	131	24	12
		domContentLoaded	1325	1828	1472	103	50
		load	1325	1828	1472	103	50
		domInteractive	1325	1828	1472	103	50

Bundle size diffs [🚀 Bundle size reduced!]

• background: -60 Bytes (-0.00%)
• ui: -47 Bytes (-0.00%)
• common: -1 KiB (-0.03%)

[metamaskbot]

Builds ready [a82362e]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4
  • common: 0, 1, 2, 3, 4, 5
  • content-script: 0
  • contentscript: contentscript
  • disable-console: disable-console
  • inpage: inpage
  • policy-load: policy-load
  • sentry-install: sentry-install
  • ui: 0, 1, 10, 11, 12, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (1437 ± 45 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	107	156	122	12	6
		domContentLoaded	1296	1670	1437	94	45
		load	1296	1670	1437	94	45
		domInteractive	1296	1670	1437	94	45

Bundle size diffs [🚀 Bundle size reduced!]

• background: -60 Bytes (-0.00%)
• ui: -47 Bytes (-0.00%)
• common: -1 KiB (-0.03%)