search

appsmithorg / appsmith

Platform to build admin panels, internal tools, and dashboards. Integrates with 25+ databases and any API.
https://www.appsmith.com
Apache License 2.0
33.13k stars 3.6k forks source link

[Bug]-[110]:Strengthen URL validation rules and error messages on Library URL input #20880

Open bharath31 opened 1 year ago

bharath31 commented 1 year ago

Is there an existing issue for this?

Description

The current validation rules on the Library URL input field are weak and allow users to trigger installations with an invalid URL. The generic error message also misleads users into thinking that the library is unsupported.

An appropriate error message should be shown for the following cases:

1. Invalid URLs eg : import googleSearch from 'https://cdn.jsdelivr.net/npm/google-search@0.0.5/+esm'

Expected behavior: The install button should be disabled and an error message should be shown Please enter a valid URL

2. URLs with trailing special characters eg : https://cdn.auth0.com/js/auth0-spa-js/2.0/auth0-spa-js.production.js"

Expected behavior: All trailing special characters and empty spaces should automatically be removed before commencing the library installation

3. URLs that do not host a JS script eg : https://www.jsdelivr.com/package/npm/crypto-js

Expected behavior: The URL source should be scanned for available hosted scripts and an error popup should be shown The URL does not point to a JS library script. Please make sure that the URL points to a library's index file(usually ends with .min.js)

Steps To Reproduce

  1. Hit the plus button next to the Library section
  2. Try installing a library with one of the invalid URLs mentioned above
  3. Notice that the installation starts and a generic "Library unsupported" error is thrown

Public Sample App

No response

Issue video log

No response

Version

Cloud

bharath31 commented 1 year ago

@ramsaptami @AnandiKulkarni could you run a more exhaustive test to find other URL validation issues and add them to the list above?

bharath31 commented 1 year ago

Designs for error state

bharath31 commented 1 year ago

Assuming 50% of installation failures can be prevented using better validation rules

Stats

Stat Values
Reach 110
Effort (months) 0.5
Druthi commented 1 year ago

@bharath31 Some issues with the requirements here a. 1 and 3 cannot be done without downloading the libraires and executing it b. 3 is not straight forward as some libraries can even return HTML. There is no clear way of figuring out whether whether URL hosts a JS script c. There are some characters that are disallowed to be added in a url however it is high effort. Arun mentioned that a one click download UI is something we may do in V2 and that would have a higher impact than this.

So doesn't make sense to pick up these tasks.