From 249879d5635421d096c4cdb9872d7f26e412d374 Mon Sep 17 00:00:00 2001
From: Johannes <johannes.munker@vivid-planet.com>
Date: Tue, 12 Mar 2024 09:43:48 +0100
Subject: [PATCH 1/5] feat(isHref): add javascript and data filter to
 isLinkTarget function

---
 packages/admin/cms-admin/src/validation/isHref.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/packages/admin/cms-admin/src/validation/isHref.ts b/packages/admin/cms-admin/src/validation/isHref.ts
index 15dfeb11e9..06adb0bde2 100644
--- a/packages/admin/cms-admin/src/validation/isHref.ts
+++ b/packages/admin/cms-admin/src/validation/isHref.ts
@@ -3,7 +3,11 @@ import { isEmail, isURL } from "class-validator";
 const PHONE_NUMBER_REGEX = /^\+?[0-9\s]+$/;
 
 export function isLinkTarget(value: string): boolean {
-    if (value.startsWith("mailto:")) {
+    if (value.toLowerCase().includes("javascript:")) {
+        return false;
+    } else if (value.toLowerCase().includes("data:")) {
+        return false;
+    } else if (value.startsWith("mailto:")) {
         return isEmail(value.slice(7));
     } else if (value.startsWith("tel:")) {
         return PHONE_NUMBER_REGEX.test(value.slice(4));

From 91394d5fb53df192b81a586c45c0dc3217560caa Mon Sep 17 00:00:00 2001
From: Johannes <johannes.munker@vivid-planet.com>
Date: Tue, 12 Mar 2024 09:53:17 +0100
Subject: [PATCH 2/5] feat(is-href): add javascript and data filter to
 IsLinkTarget decorator

---
 .../src/blocks/externalLinkBlock/is-href.validator.ts       | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/packages/api/blocks-api/src/blocks/externalLinkBlock/is-href.validator.ts b/packages/api/blocks-api/src/blocks/externalLinkBlock/is-href.validator.ts
index 679f1f7565..b88a28e199 100644
--- a/packages/api/blocks-api/src/blocks/externalLinkBlock/is-href.validator.ts
+++ b/packages/api/blocks-api/src/blocks/externalLinkBlock/is-href.validator.ts
@@ -27,7 +27,11 @@ export class IsLinkTargetConstraint implements ValidatorConstraintInterface {
             return false;
         }
 
-        if (value.startsWith("mailto:")) {
+        if (value.toLowerCase().includes("javascript:")) {
+            return false;
+        } else if (value.toLowerCase().includes("data:")) {
+            return false;
+        } else if (value.startsWith("mailto:")) {
             return isEmail(value.slice(7));
         } else if (value.startsWith("tel:")) {
             return PHONE_NUMBER_REGEX.test(value.slice(4));

From 28695b5aaefed80ae774cb379aeea245a74fbb6c Mon Sep 17 00:00:00 2001
From: Johannes <johannes.munker@vivid-planet.com>
Date: Wed, 13 Mar 2024 10:07:51 +0100
Subject: [PATCH 3/5] refactor(isHref): rename isHref file to isLinkTarget

---
 packages/admin/cms-admin/src/blocks/ExternalLinkBlock.tsx       | 2 +-
 .../cms-admin/src/validation/{isHref.ts => isLinkTarget.ts}     | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename packages/admin/cms-admin/src/validation/{isHref.ts => isLinkTarget.ts} (100%)

diff --git a/packages/admin/cms-admin/src/blocks/ExternalLinkBlock.tsx b/packages/admin/cms-admin/src/blocks/ExternalLinkBlock.tsx
index 779d8f84a6..c9ed64770e 100644
--- a/packages/admin/cms-admin/src/blocks/ExternalLinkBlock.tsx
+++ b/packages/admin/cms-admin/src/blocks/ExternalLinkBlock.tsx
@@ -5,7 +5,7 @@ import * as React from "react";
 import { FormattedMessage } from "react-intl";
 
 import { ExternalLinkBlockData, ExternalLinkBlockInput } from "../blocks.generated";
-import { isLinkTarget } from "../validation/isHref";
+import { isLinkTarget } from "../validation/isLinkTarget";
 import { validateUrl } from "../validation/validateUrl";
 
 type State = ExternalLinkBlockData;
diff --git a/packages/admin/cms-admin/src/validation/isHref.ts b/packages/admin/cms-admin/src/validation/isLinkTarget.ts
similarity index 100%
rename from packages/admin/cms-admin/src/validation/isHref.ts
rename to packages/admin/cms-admin/src/validation/isLinkTarget.ts

From 6fc2fd572702d36d51b36a0e6c7aae32af06c08c Mon Sep 17 00:00:00 2001
From: Johannes <johannes.munker@vivid-planet.com>
Date: Wed, 13 Mar 2024 10:08:18 +0100
Subject: [PATCH 4/5] remove(isLinkTarget): isHref deprecation

---
 packages/admin/cms-admin/src/validation/isLinkTarget.ts | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/packages/admin/cms-admin/src/validation/isLinkTarget.ts b/packages/admin/cms-admin/src/validation/isLinkTarget.ts
index 06adb0bde2..7d68686792 100644
--- a/packages/admin/cms-admin/src/validation/isLinkTarget.ts
+++ b/packages/admin/cms-admin/src/validation/isLinkTarget.ts
@@ -15,8 +15,3 @@ export function isLinkTarget(value: string): boolean {
         return isURL(value, { require_protocol: true, require_valid_protocol: false });
     }
 }
-
-/**
- * @deprecated The validator function `isHref` will be removed in a future version. Please use `isLinkTarget` instead.
- */
-export const isHref = isLinkTarget;

From 80f79884fdbaa68c7b99a78468d201390bc56053 Mon Sep 17 00:00:00 2001
From: Johannes <johannes.munker@vivid-planet.com>
Date: Wed, 13 Mar 2024 15:32:09 +0100
Subject: [PATCH 5/5] refactor(is-href): rename file to is-link-target

---
 .../api/blocks-api/src/blocks/ExternalLinkBlock.ts |  2 +-
 ...ef.validator.ts => is-link-target.validator.ts} | 14 --------------
 2 files changed, 1 insertion(+), 15 deletions(-)
 rename packages/api/blocks-api/src/blocks/externalLinkBlock/{is-href.validator.ts => is-link-target.validator.ts} (77%)

diff --git a/packages/api/blocks-api/src/blocks/ExternalLinkBlock.ts b/packages/api/blocks-api/src/blocks/ExternalLinkBlock.ts
index f54bc06c63..8c319fd0ef 100644
--- a/packages/api/blocks-api/src/blocks/ExternalLinkBlock.ts
+++ b/packages/api/blocks-api/src/blocks/ExternalLinkBlock.ts
@@ -2,7 +2,7 @@ import { IsBoolean, IsOptional } from "class-validator";
 
 import { BlockData, BlockInput, createBlock, inputToData } from "./block";
 import { BlockField } from "./decorators/field";
-import { IsLinkTarget } from "./externalLinkBlock/is-href.validator";
+import { IsLinkTarget } from "./externalLinkBlock/is-link-target.validator";
 
 class ExternalLinkBlockData extends BlockData {
     @BlockField({ nullable: true })
diff --git a/packages/api/blocks-api/src/blocks/externalLinkBlock/is-href.validator.ts b/packages/api/blocks-api/src/blocks/externalLinkBlock/is-link-target.validator.ts
similarity index 77%
rename from packages/api/blocks-api/src/blocks/externalLinkBlock/is-href.validator.ts
rename to packages/api/blocks-api/src/blocks/externalLinkBlock/is-link-target.validator.ts
index b88a28e199..ac316e7018 100644
--- a/packages/api/blocks-api/src/blocks/externalLinkBlock/is-href.validator.ts
+++ b/packages/api/blocks-api/src/blocks/externalLinkBlock/is-link-target.validator.ts
@@ -14,11 +14,6 @@ export const IsLinkTarget = () => {
     };
 };
 
-/**
- * @deprecated The decorator `IsHref` will be removed in a future version. Please use `IsLinkTarget` instead.
- */
-export const IsHref = IsLinkTarget;
-
 @ValidatorConstraint({ name: "IsLinkTarget" })
 @Injectable()
 export class IsLinkTargetConstraint implements ValidatorConstraintInterface {
@@ -44,12 +39,3 @@ export class IsLinkTargetConstraint implements ValidatorConstraintInterface {
         return "Invalid link target";
     }
 }
-
-/**
- * @deprecated The class `IsHrefConstraint` will be removed in a future version. Please use `IsLinkTargetConstraint` instead.
- */
-export class IsHrefConstraint extends IsLinkTargetConstraint {
-    constructor() {
-        super();
-    }
-}