feat: introducing Web-Embeds (alias iframe element) (#6691)

Co-authored-by: dwelle <luzar.david@gmail.com>
2025-05-03 10:00:07 -04:00 · 2023-07-24 16:51:53 +02:00 · 2023-07-24 16:51:53 +02:00 · b57b3b573d
commit b57b3b573d
parent 744e5b2ab3
48 changed files with 1923 additions and 234 deletions
--- a/src/data/restore.ts
+++ b/src/data/restore.ts
@ -64,6 +64,7 @@ export const AllowedExcalidrawActiveTools: Record<
  eraser: false,
  custom: true,
  frame: true,
+  embeddable: true,
  hand: true,
 };

@ -275,6 +276,10 @@ const restoreElement = (
      return restoreElementWithProperties(element, {});
    case "diamond":
      return restoreElementWithProperties(element, {});
+    case "embeddable":
+      return restoreElementWithProperties(element, {
+        validated: undefined,
+      });
    case "frame":
      return restoreElementWithProperties(element, {
        name: element.name ?? null,
--- a/src/data/url.ts
+++ b/src/data/url.ts
@ -1,9 +1,35 @@
 import { sanitizeUrl } from "@braintree/sanitize-url";

 export const normalizeLink = (link: string) => {
+  link = link.trim();
+  if (!link) {
+    return link;
+  }
  return sanitizeUrl(link);
 };

 export const isLocalLink = (link: string | null) => {
  return !!(link?.includes(location.origin) || link?.startsWith("/"));
 };
+
+/**
+ * Returns URL sanitized and safe for usage in places such as
+ * iframe's src attribute or <a> href attributes.
+ */
+export const toValidURL = (link: string) => {
+  link = normalizeLink(link);
+
+  // make relative links into fully-qualified urls
+  if (link.startsWith("/")) {
+    return `${location.origin}${link}`;
+  }
+
+  try {
+    new URL(link);
+  } catch {
+    // if link does not parse as URL, assume invalid and return blank page
+    return "about:blank";
+  }
+
+  return link;
+};