Disallow links without protocol (e.g. starting with http(s)://) in LinkedText. (#32972)

* Disallow links without protocols in LinkedText.

* Update tests

Author: Half-Shot

apps/web/playwright/e2e/links/messages.spec.ts

@@ -14,7 +14,7 @@ test.describe("Message links", () => {
             await use({ roomId });
         },
     });
-    for (const link of ["https://example.org", "example.org", "ftp://example.org"]) {
+    for (const link of ["https://example.org", "ftp://example.org"]) {
         test(`should linkify a regular link '${link}'`, async ({ page, user, app, room }) => {
             await page.goto(`#/room/${room.roomId}`);
             // Needs to be unformatted so we test linkifing
@@ -24,6 +24,13 @@ test.describe("Message links", () => {
             await expect(linkElement).toBeVisible();
         });
     }
+    test("should NOT linkify a bare domain", async ({ page, user, app, room }) => {
+        await page.goto(`#/room/${room.roomId}`);
+        // Needs to be unformatted so we test linkifing
+        await app.client.sendMessage(room.roomId, `Check out example.org`);
+        const linkElement = page.locator(".mx_EventTile_last").getByRole("link", { name: "example.org" });
+        await expect(linkElement).not.toBeVisible();
+    });
     test("should linkify a User ID", async ({ page, user, app, room }) => {
         await page.goto(`#/room/${room.roomId}`);
         // Needs to be unformatted so we test linkifing

apps/web/playwright/e2e/links/topic.spec.ts

@@ -14,13 +14,7 @@ test.describe("Topic links", () => {
             await use({ roomId });
         },
     });
-    for (const link of [
-        "https://example.org",
-        "example.org",
-        "ftp://example.org",
-        "#aroom:example.org",
-        "@alice:example.org",
-    ]) {
+    for (const link of ["https://example.org", "ftp://example.org", "#aroom:example.org", "@alice:example.org"]) {
         // Playwright treats '@' as a tag, so replace it to be safe
         test(`should linkify plaintext '${link.replace("@", "_@")}'`, async ({ page, user, app, room }) => {
             await app.client.sendStateEvent(

packages/shared-components/src/core/utils/LinkedText/LinkedText.test.tsx

@@ -49,6 +49,15 @@ describe("LinkedText", () => {
         expect(container).toMatchSnapshot();
     });
 
+    it("does not linkify domains without a protocol.", () => {
+        const { queryAllByRole } = render(
+            <LinkedTextContext value={{}}>
+                <LinkedText>Check out this link github.com</LinkedText>
+            </LinkedTextContext>,
+        );
+        expect(queryAllByRole("link")).toHaveLength(0);
+    });
+
     it("renders a user ID", () => {
         const { container } = render(<WithUserId />);
         expect(container).toMatchSnapshot();
@@ -73,7 +82,7 @@ describe("LinkedText", () => {
         const fn = vitest.fn();
         const { getAllByRole } = render(
             <LinkedTextContext value={{}}>
-                <LinkedText onLinkClick={fn}>Check out this link https://google.com and example.org</LinkedText>
+                <LinkedText onLinkClick={fn}>Check out this link https://google.com and https://example.org</LinkedText>
             </LinkedTextContext>,
         );
         const links = getAllByRole("link");

packages/shared-components/src/core/utils/linkify.ts

@@ -228,10 +228,10 @@ export function generateLinkedTextOptions({
             : undefined),
         // By default, ignore Matrix ID types.
         // Other applications may implement their own version of LinkifyComponent.
-        validate: (_value, type: string) =>
+        validate: (value, type: string) =>
             !!(type === LinkifyMatrixOpaqueIdType.UserId && userIdListener) ||
             !!(type === LinkifyMatrixOpaqueIdType.RoomAlias && roomAliasListener) ||
-            type === LinkifyMatrixOpaqueIdType.URL,
+            !!(type === LinkifyMatrixOpaqueIdType.URL && URL.canParse(value)),
     } satisfies linkifyjs.Opts;
 }