From fa89d8d81af8881298ffa348f0addcfa04ec0f48 Mon Sep 17 00:00:00 2001 From: mainframev Date: Wed, 8 Apr 2026 15:24:54 +0200 Subject: [PATCH 1/2] fix(charts): modify isSafeUrl utility --- .../src/utilities/UtilityUnitTests.test.ts | 12 ++++++++++-- .../charts/react-charting/src/utilities/utilities.ts | 2 +- .../library/src/utilities/UtilityUnitTests.test.ts | 12 ++++++++++-- .../react-charts/library/src/utilities/utilities.ts | 2 +- 4 files changed, 22 insertions(+), 6 deletions(-) diff --git a/packages/charts/react-charting/src/utilities/UtilityUnitTests.test.ts b/packages/charts/react-charting/src/utilities/UtilityUnitTests.test.ts index 8dc562f9066ede..8cc45358358c6c 100644 --- a/packages/charts/react-charting/src/utilities/UtilityUnitTests.test.ts +++ b/packages/charts/react-charting/src/utilities/UtilityUnitTests.test.ts @@ -1564,8 +1564,16 @@ describe('isSafeUrl', () => { expect(utils.isSafeUrl('file:///etc/passwd')).toBe(false); }); - test('Should block ftp: protocol', () => { - expect(utils.isSafeUrl('ftp://example.com/file')).toBe(false); + test('Should allow ftp: protocol', () => { + expect(utils.isSafeUrl('ftp://example.com/file')).toBe(true); + }); + + test('Should allow mailto: protocol', () => { + expect(utils.isSafeUrl('mailto:user@example.com')).toBe(true); + }); + + test('Should allow tel: protocol', () => { + expect(utils.isSafeUrl('tel:+1234567890')).toBe(true); }); test('Should block custom: protocol', () => { diff --git a/packages/charts/react-charting/src/utilities/utilities.ts b/packages/charts/react-charting/src/utilities/utilities.ts index 2751523374d147..eeae65c4af60bf 100644 --- a/packages/charts/react-charting/src/utilities/utilities.ts +++ b/packages/charts/react-charting/src/utilities/utilities.ts 
@@ -2557,7 +2557,7 @@ const truncateTextToFitWidth = (text: string, maxWidth: number, measure: (s: str export function isSafeUrl(href: string): boolean { if (/^[a-z][a-z0-9+.-]*:/i.test(href)) { - return /^https?:/i.test(href); + return /^(https?|mailto|tel|ftp):/i.test(href); } return true; diff --git a/packages/charts/react-charts/library/src/utilities/UtilityUnitTests.test.ts b/packages/charts/react-charts/library/src/utilities/UtilityUnitTests.test.ts index 7aebbbd868c86e..ea6e1ef9291352 100644 --- a/packages/charts/react-charts/library/src/utilities/UtilityUnitTests.test.ts +++ b/packages/charts/react-charts/library/src/utilities/UtilityUnitTests.test.ts @@ -1569,8 +1569,16 @@ describe('isSafeUrl', () => { expect(utils.isSafeUrl('file:///etc/passwd')).toBe(false); }); - test('Should block ftp: protocol', () => { - expect(utils.isSafeUrl('ftp://example.com/file')).toBe(false); + test('Should allow ftp: protocol', () => { + expect(utils.isSafeUrl('ftp://example.com/file')).toBe(true); + }); + + test('Should allow mailto: protocol', () => { + expect(utils.isSafeUrl('mailto:user@example.com')).toBe(true); + }); + + test('Should allow tel: protocol', () => { + expect(utils.isSafeUrl('tel:+1234567890')).toBe(true); }); test('Should block custom: protocol', () => { diff --git a/packages/charts/react-charts/library/src/utilities/utilities.ts b/packages/charts/react-charts/library/src/utilities/utilities.ts index f72047a38c0074..60bb13df9bf154 100644 --- a/packages/charts/react-charts/library/src/utilities/utilities.ts +++ b/packages/charts/react-charts/library/src/utilities/utilities.ts @@ -2713,7 +2713,7 @@ const truncateTextToFitWidth = (text: string, maxWidth: number, measure: (s: str export function isSafeUrl(href: string): boolean { if (/^[a-z][a-z0-9+.-]*:/i.test(href)) { - return /^https?:/i.test(href); + return /^(https?|mailto|tel|ftp):/i.test(href); } return true; } From 7773843d645518c494d6a42c779d2728f5565ee2 Mon Sep 17 00:00:00 2001 
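Review bot: In `isSafeUrl` (this hunk in react-charting/src/utilities/utilities.ts and the identical one in react-charts/library/src/utilities/utilities.ts), any href that does not match `^[a-z][a-z0-9+.-]*:` falls through to `return true`, so the allowlist widened here is only consulted when the scheme starts at offset 0 with no stray characters. Browser URL parsers drop leading whitespace and C0 control characters and remove tabs and newlines before resolving the scheme, so a value the parser reads as a non-allowlisted scheme can be classed as relative and reported safe; the commit leaves that path unchanged. I would normalize before both tests, e.g. `const candidate = href.replace(/[\u0000-\u0020]/g, '');`, run the two regexes on `candidate`, and add a blocking test for a padded value next to the new `mailto:`/`tel:`/`ftp:` cases, which as shown cover only well-formed input. The function's closing brace falls outside the first hunk, and whether untrusted data reaches `href` depends on call sites not in the diff.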
From: mainframev Date: Thu, 9 Apr 2026 17:10:33 +0200 Subject: [PATCH 2/2] chore: change files --- ...eact-charting-f3b97d35-d40a-4e05-ab50-3a1d6d34a0ce.json | 7 +++++++ ...-react-charts-81c5619a-02e7-4074-9355-e7565f999790.json | 7 +++++++ 2 files changed, 14 insertions(+) create mode 100644 change/@fluentui-react-charting-f3b97d35-d40a-4e05-ab50-3a1d6d34a0ce.json create mode 100644 change/@fluentui-react-charts-81c5619a-02e7-4074-9355-e7565f999790.json diff --git a/change/@fluentui-react-charting-f3b97d35-d40a-4e05-ab50-3a1d6d34a0ce.json b/change/@fluentui-react-charting-f3b97d35-d40a-4e05-ab50-3a1d6d34a0ce.json new file mode 100644 index 00000000000000..9945c94ba81b90 --- /dev/null +++ b/change/@fluentui-react-charting-f3b97d35-d40a-4e05-ab50-3a1d6d34a0ce.json @@ -0,0 +1,7 @@ +{ + "type": "patch", + "comment": "fix: isSafeUrl utility", + "packageName": "@fluentui/react-charting", + "email": "vgenaev@gmail.com", + "dependentChangeType": "patch" +} diff --git a/change/@fluentui-react-charts-81c5619a-02e7-4074-9355-e7565f999790.json b/change/@fluentui-react-charts-81c5619a-02e7-4074-9355-e7565f999790.json new file mode 100644 index 00000000000000..8d9b8ddfc5c66c --- /dev/null +++ b/change/@fluentui-react-charts-81c5619a-02e7-4074-9355-e7565f999790.json @@ -0,0 +1,7 @@ +{ + "type": "patch", + "comment": "fix: isSafeUrl utility", + "packageName": "@fluentui/react-charts", + "email": "vgenaev@gmail.com", + "dependentChangeType": "patch" +}