Former Member

SAPUI5: URL Whitelist Filtering

Hi All,

I am currently trying to apply URL Whitelist Filtering in a standard SAP Fiori application. The code looks as follows:

Controller.js

 handleLinkPress: function (evt) {
    jQuery.sap.addUrlWhitelist("https","google.com");
    jQuery.sap.validateUrl("google.com");
},

View.xml

<Link
text="Open SAP Homepage"
target="_blank"
href="http://www.sap.com" />

If I understood the concept well, I have now added to the whitelist that only https://google.com should be allowed in the href. The reaction I expected is that when pressing the link it wouldn't open sap.com and would give me an error. However, the website sap.com is opened.

As far as I understood the Whitelist concept, it's basically a list of URLs which are allowed to navigate to outside of the application. It would be hugely appreciated if somebody can bring guidance on how to implement this.

I have used the following link: https://www.yumpu.com/en/document/view/36005412/sap-ui5-developer-guide-for-sap-hana-en/421

Kind regards,

Zakaria


2 Answers

  • Mar 28, 2017 at 03:55 AM

    As per the documentation here, SAP only uses the whitelist for sanitizing the input content for the controls sap.ui.richtexteditor.RichTextEditor and sap.ui.core.HTML.

    If you want to use it for other purposes, then you need to extend the corresponding controls.


    • Former Member

      Hi Krishna, thanks for your answer and support. It's appreciated. Could you give an example of how to perform this?

  • Mar 27, 2017 at 11:58 PM

    Hello Zakaria,

    There is no implicit check done by UI5. These APIs are available to you to perform the checks. You cannot have href and press event.

    href URI

    The link target URI. Supports standard hyperlink behavior. If a JavaScript action should be triggered, this should not be set, but instead an event handler for the "press" event should be registered.

    Maybe you can have the check in event handler for whitelisted URL and perform the action.

    Thanks and Regards,

    Veera
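
The check-in-the-press-handler approach suggested in the answer above, as an added example that is not part of the original thread or SAP's code. It is a plain-JavaScript stand-in for the allowlist: `addAllowedUrl`, `isAllowedUrl` and the injected `openFn` are hypothetical names, and in a UI5 controller the decision would instead be the boolean returned by `jQuery.sap.validateUrl` after `jQuery.sap.addUrlWhitelist`. The Link is assumed to have no `href`, so nothing opens unless the check passes.

```javascript
// Stand-in allowlist (assumption: exact scheme/host/port matching, not UI5's implementation).
const allowlist = [];

function addAllowedUrl(protocol, host, port) {
  allowlist.push({
    protocol: protocol.toLowerCase(),
    host: host.toLowerCase(),
    port: port ? String(port) : ""
  });
}

// True only for absolute URLs whose scheme, host and port match an entry exactly.
function isAllowedUrl(url) {
  let parsed;
  try {
    parsed = new URL(url); // throws on scheme-less input such as "google.com"
  } catch (e) {
    return false;
  }
  const protocol = parsed.protocol.slice(0, -1); // "https:" -> "https"
  return allowlist.some(function (entry) {
    return entry.protocol === protocol &&
      entry.host === parsed.hostname && // hostname is already lower-cased by URL
      entry.port === parsed.port;       // "" when the default port is used
  });
}

// Body of a "press" handler: use the return value of the check, then navigate.
// openFn is injected (window.open in a browser) so the logic also runs outside one.
function handleLinkPress(targetUrl, openFn) {
  if (!isAllowedUrl(targetUrl)) {
    return false; // blocked; the caller can show a message to the user
  }
  openFn(targetUrl, "_blank", "noopener,noreferrer");
  return true;
}

// Same entry as in the question: only https://google.com is allowed.
addAllowedUrl("https", "google.com");
```

With this entry, `http://www.sap.com` from the question's view is blocked, and so is `https://www.google.com`, because the host must match the entry exactly.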
