allow to redirect only for whitelisted trusted protocols (#17559)

* fix IDE-69: allow to redirect only for whitelisted trusted protocols

* Update components/dashboard/src/service/service.tsx

Co-authored-by: Filip Troníček <[email protected]>

* drop security

---------

Co-authored-by: Filip Troníček <[email protected]>

Author: akosyakov

components/dashboard/src/service/service.tsx

@@ -191,7 +191,10 @@ export class IDEFrontendService implements IDEFrontendDashboardService.IServer {
         let redirect = false;
         try {
             const desktopLink = new URL(url);
-            redirect = desktopLink.protocol !== "http:" && desktopLink.protocol !== "https:";
+            // allow to redirect only for whitelisted trusted protocols
+            // IDE-69
+            const trustedProtocols = ["vscode:", "vscode-insiders:", "jetbrains-gateway:"];
+            redirect = trustedProtocols.includes(desktopLink.protocol);
         } catch (e) {
             console.error("invalid desktop link:", e);
         }