cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAPUI5: URL Whitelist Filtering

Former Member

on ‎03-27-2017 1:28 PM

0 Kudos

Hi All,

I am currently trying to apply URL Whitelist Filtering in a standard SAP Fiori application. The code looks as follows:

Controller.js

 handleLinkPress: function (evt) {
    jQuery.sap.addUrlWhitelist("https","google.com");
    jQuery.sap.validateUrl("google.com");
},

View.xml

<Link
text="Open SAP Homepage"
target="_blank"
href="http://www.sap.com" />

If I understood the concept well, i have added now to the Whitelist only https://google.com should be allowed in the href. The reaction i expected is that when pressing the link it wouldn't open sap.com and give me an error. However, the website sap.com is opened.

As far as I understood the Whitelist concept, it's basically a list of URLs which are allowed to navigate to outside of the application. It would be hugely appreciated if somebody can bring guidance on how to implement this.

I have used the following link: https://www.yumpu.com/en/document/view/36005412/sap-ui5-developer-guide-for-sap-hana-en/421

Kind regards,

Zakaria

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

kammaje_cis
Active Contributor
‎03-28-2017 4:55 AM

As per the documentation here, SAP only uses the whitelist for sanitizing the input content for controls sap.ui.richttexteditor.RichTextEditor and the sap.ui.core.HTML

If you want to use it for other purposes, then you need to extend the corresponding controls.

Show replies
Show replies
Former Member
‎03-28-2017 8:38 AM
0 Kudos

Hi Krishna, thanks for you answer and support. It's appreciated, could you give an eample on how to perform this?

former_member228602
Contributor
‎03-28-2017 12:58 AM
0 Kudos

Hello Zakaria,

There is no implicit check done by UI5. These api are available to you to perform the checks. You cannot have href and press event.

hrefURI

The link target URI. Supports standard hyperlink behavior. If a JavaScript action should be triggered, this should not be set, but instead an event handler for the "press" event should be registered.

Maybe you can have the check in event handler for whitelisted URL and perform the action.

Thanks and Regards,

Veera

Show replies
Show replies
Ask a Question