feat: add param to disable url checks for social embed

Author: shreya-kamble

src/toRedactor.tsx

@@ -494,15 +494,19 @@ export const toRedactor = (jsonValue: any,options?:IJsonToHtmlOptions) : string
         }
         figureStyles.fieldsEdited.push(figureStyles.caption)
       }
-      if (jsonValue['type'] === 'social-embeds') {
-        const sanitizedHTML = DOMPurify.sanitize(allattrs['src'])
-        const urlMatch:any = sanitizedHTML.match(/https?:\/\/[^\s"'>]+/);
-        if (urlMatch && urlMatch[0] !== 'undefined') {
-        attrsJson['src'] = decodeURIComponent(urlMatch[0])
-        } else{
-          attrsJson['src'] = " "
-        }
-      }
+    
+      if (!options?.skipURLSanitization && jsonValue['type'] === 'social-embeds') {
+        const sanitizedHTML = DOMPurify.sanitize(allattrs['src']);
+  
+        const urlMatch = sanitizedHTML.match(/https?:\/\/[^\s"'<>()]+/);
+    
+        if (urlMatch) {
+            attrsJson['src'] = decodeURIComponent(urlMatch[0]);
+        } else {
+            delete attrsJson['src'];
+        } 
+    }
+    
       if(!(options?.customElementTypes && !isEmpty(options.customElementTypes) && options.customElementTypes[jsonValue['type']])) {
         delete attrsJson['url']
       }

src/types.ts

@@ -20,4 +20,5 @@ export interface IJsonToHtmlOptions {
     customElementTypes?: IJsonToHtmlElementTags,
     customTextWrapper?: IJsonToHtmlTextTags,
     allowNonStandardTypes?: boolean,
+    skipURLSanitization?:boolean
 }

test/expectedJson.ts

@@ -2002,9 +2002,9 @@ export default {
     },
     "RT-360":{  
         "html": [
-            `<iframe src="https://www.youtube.com/embed/VD6xJq8NguY" width="560" height="320" data-type="social-embeds" ></iframe>`,
-            `<iframe src=" " width="560" height="320" data-type="social-embeds" ></iframe>`,
-            '<iframe src=" " width="560" height="320" data-type="social-embeds" ></iframe>',
+            `<iframe src="https://www.youtube.com/watch?v=Gw7EqoOYC9A" width="560" height="320" data-type="social-embeds" ></iframe>`,
+            `<iframe width="560" height="320" data-type="social-embeds" ></iframe>`,
+            '<iframe width="560" height="320" data-type="social-embeds" ></iframe>',
         ],
         "json": 
         [
@@ -2017,7 +2017,7 @@ export default {
                         "uid": "45a850acbeb949db86afe415625ad1ce",
                         "type": "social-embeds",
                         "attrs": {
-                            "src": "https://www.youtube.com/embed/VD6xJq8NguY\"></iframe><script>alert(document.cookie)</script><iframe ",
+                            "src": "https://www.youtube.com/watch?v=Gw7EqoOYC9A\"></iframe><script>alert(document.cookie)</script><iframe ",
                             "width": 560,
                             "height": 320
                         },
@@ -2061,7 +2061,7 @@ export default {
                     "uid": "45a850acbeb949db86afe415625ad1ce",
                     "type": "social-embeds",
                     "attrs": {
-                      "src": "www.youtube.com/embed/VD6xJq8NguY",
+                      "src": "www.youtube.com/watch?v=Gw7EqoOYC9A",
                       "width": 560,
                       "height": 320
                     },