Moves some logic into StringExtensions, updates tests, adds other tests

src/Umbraco.Core/StringExtensions.cs

@@ -15,6 +15,7 @@ using Umbraco.Core.Configuration;
 using System.Web.Security;
 using Umbraco.Core.Strings;
 using Umbraco.Core.CodeAnnotations;
+using Umbraco.Core.IO;
 
 namespace Umbraco.Core
 {
@@ -59,6 +60,50 @@ namespace Umbraco.Core
 
         }
 
+        /// <summary>
+        /// Based on the input string, this will detect if the strnig is a JS path or a JS snippet.
+        /// If a path cannot be determined, then it is assumed to be a snippet the original text is returned
+        /// with an invalid attempt, otherwise a valid attempt is returned with the resolved path
+        /// </summary>
+        /// <param name="input"></param>
+        /// <returns></returns>
+        /// <remarks>
+        /// This is only used for legacy purposes for the Action.JsSource stuff and shouldn't be needed in v8
+        /// </remarks>
+        internal static Attempt<string> DetectIsJavaScriptPath(this string input)
+        {
+            //validate that this is a url, if it is not, we'll assume that it is a text block and render it as a text
+            //block instead.
+            var isValid = true;
+
+            if (Uri.IsWellFormedUriString(input, UriKind.RelativeOrAbsolute))
+            {
+                //ok it validates, but so does alert('hello'); ! so we need to do more checks
+
+                //here are the valid chars in a url without escaping
+                if (Regex.IsMatch(input, @"[^a-zA-Z0-9-._~:/?#\[\]@!$&'\(\)*\+,%;=]"))
+                    isValid = false;
+
+                //we'll have to be smarter and just check for certain js patterns now too!
+                var jsPatterns = new[] { @"\+\s*\=", @"\);", @"function\s*\(", @"!=", @"==" };
+                if (jsPatterns.Any(p => Regex.IsMatch(input, p)))
+                    isValid = false;
+
+                if (isValid)
+                {
+                    var resolvedUrlResult = IOHelper.TryResolveUrl(input);
+                    //if the resolution was success, return it, otherwise just return the path, we've detected
+                    // it's a path but maybe it's relative and resolution has failed, etc... in which case we're just
+                    // returning what was given to us.
+                    return resolvedUrlResult.Success 
+                        ? resolvedUrlResult 
+                        : Attempt.Succeed(input);
+                }
+            }
+
+            return Attempt.Fail(input);
+        }
+
         /// <summary>
         /// This tries to detect a json string, this is not a fail safe way but it is quicker than doing 
         /// a try/catch when deserializing when it is not json.