Page MenuHomePhabricator
Differential D18196

[Cashtab] Add a component to handle external links
ClosedPublic
Actions

Authored by bytesofman on Jun 3 2025, 22:38.

Details

Reviewers
emack
Group Reviewers
Restricted Project
Commits
rABC18f953def5b9: [Cashtab] Add a component to handle external links
Summary

Cashtab links to tokenDocumentUrls which are un-reviewed and could go anywhere. We should notify users.

Introduce a portable component to handle this on the Token page. This component can be used in other places where we may encounter links, like Cashtab Msgs or Airdrop msgs.

Some style modifications to the Modal were necessary to support its use anywhere (being wrapped by the flex table holding the link modified styles)

Test Plan

npm test

can try it out at cashtab.io, go to a token page with a url e.g. https://cashtab.io/#/token/9e0a9d4720782cf661beaea6c5513f1972e0f3b1541ba4c83f4c87ef65f843dc , click the url, see modal

Diff Detail

Repository
rABC Bitcoin ABC
Branch
external-link-warning
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 33520
Build 66519: Build Diffcashtab-tests
Build 66518: arc lint + arc unit

Event Timeline

bytesofman created this revision.Jun 3 2025, 22:38
Herald added a reviewer: Restricted Project. · View Herald TranscriptJun 3 2025, 22:38
Harbormaster completed remote builds in B33517: Diff 54319.Jun 3 2025, 22:38
bytesofman updated this revision to Diff 54320.Jun 3 2025, 23:02

remove debug logs, improve styles

Harbormaster completed remote builds in B33518: Diff 54320.Jun 3 2025, 23:02
bytesofman updated this revision to Diff 54321.Jun 3 2025, 23:02

lint

Harbormaster completed remote builds in B33519: Diff 54321.Jun 3 2025, 23:02
bytesofman updated this revision to Diff 54322.Jun 3 2025, 23:10

remove unused styled component, drop unset all

Harbormaster completed remote builds in B33520: Diff 54322.Jun 3 2025, 23:15
bytesofman updated this revision to Diff 54323.Jun 3 2025, 23:16

remove extra css rule, comments, remove toLowerCase

bytesofman edited the test plan for this revision. (Show Details)Jun 3 2025, 23:17
Harbormaster completed remote builds in B33521: Diff 54323.Jun 3 2025, 23:21
bytesofman published this revision for review.Jun 3 2025, 23:30
emack requested changes to this revision.Jun 4 2025, 00:47
emack added a subscriber: emack.

I assume the error in token icon submission is because cashtab dot io is not whitelisted with the token icon server?

image.png (133×418 px, 12 KB)

cashtab/src/components/Common/UncontrolledLink.tsx
89 ↗(On Diff #54323)

should make this .startsWith rather than includes, to mitigate urls with a scam domain but the url string contains cashtab.com...etc as a querystring parameter.

108 ↗(On Diff #54323)

on Ok it should close the modal as well

114 ↗(On Diff #54323)

wrap the url, particularly to save mobile users needing to swipe right to see a long url

image.png (547×406 px, 78 KB)

This revision now requires changes to proceed.Jun 4 2025, 00:47
bytesofman updated this revision to Diff 54326.Jun 4 2025, 05:18
bytesofman marked 3 inline comments as done.

wrap text, close modal after opening link

Harbormaster completed remote builds in B33524: Diff 54326.Jun 4 2025, 05:24
bytesofman added a comment.Jun 4 2025, 05:39

I assume the error in token icon submission is because cashtab dot io is not whitelisted with the token icon server?

D18197

cashtab/src/components/Common/UncontrolledLink.tsx
89 ↗(On Diff #54323)

in this case, it's actually more strict to use .includes ... tho ofc .startsWith would work in much the same way, also restricting to the correct domain. I also looked at using .toLowerCase()

We aren't checking if the url happens to include https://cashtab.com/ in it somewhere -- we are checking if APPROVED_URLS contains a string that exactly matches url. So, for example, https://stakedxec.com and https://cashtab.com/home would both fail and pull up the modal.

The reason I went with .includes:

  • XECX uses this exact capitalization. If another token is going to the same url with different capitalization ... really there is prob something scammy about it.
  • ditto firma
  • ditto cashtab.com default tokens

For now, erring on the side of "showing the modal too often" is I think the best policy, even if othoer cashtab URLs are (hopefully never) scams.

image.png (170×267 px, 10 KB)

108 ↗(On Diff #54323)

nice good catch

114 ↗(On Diff #54323)

nice, added

emack requested changes to this revision.Jun 4 2025, 06:01
emack added inline comments.
cashtab/src/components/Common/UncontrolledLink.tsx
63 ↗(On Diff #54326)

I think this needs to be break-word since urls are one long unbroken word that break-all wouldn't mitigate

image.png (137×422 px, 31 KB)

This revision now requires changes to proceed.Jun 4 2025, 06:01
bytesofman updated this revision to Diff 54337.Jun 4 2025, 14:46

patch css for link wrap

bytesofman marked an inline comment as done.Jun 4 2025, 14:47
bytesofman added inline comments.
cashtab/src/components/Common/UncontrolledLink.tsx
63 ↗(On Diff #54326)

nice, updated

image.png (415×323 px, 46 KB)

emack accepted this revision.Jun 4 2025, 14:48
This revision is now accepted and ready to land.Jun 4 2025, 14:48
Harbormaster completed remote builds in B33530: Diff 54337.Jun 4 2025, 14:52
Closed by commit rABC18f953def5b9: [Cashtab] Add a component to handle external links (authored by bytesofman). · Explain WhyJun 4 2025, 14:52
This revision was automatically updated to reflect the committed changes.
bytesofman marked an inline comment as done.
bytesofman added a commit: rABC18f953def5b9: [Cashtab] Add a component to handle external links.

Revision Contents
Changeset List

PathSize
cashtab/
src/
components/
Common/
4 lines
121 lines
__tests__/
51 lines
Etokens/
Token/
18 lines

Diff 54322

View Options

cashtab/src/components/Common/Modal.tsx

Loading...
View Options

cashtab/src/components/Common/UncontrolledLink.tsx

Loading...
View Options

cashtab/src/components/Common/__tests__/UncontrolledLink.test.tsx

Loading...
View Options

cashtab/src/components/Etokens/Token/index.tsx

Loading...