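'use strict';

// Schemes rejected as link targets. The test is case-insensitive and anchored
// at the start of the extracted scheme, optionally preceded by whitespace or
// literal "%20" sequences. It is a prefix match, so any scheme that merely
// begins with one of these names is rejected as well.
// vbscript is listed next to javascript because legacy Internet Explorer
// engines execute it as script.
var invalidPrototcolRegex = /^(%20|\s)*(javascript|data|vbscript)/im;

// Matches every character outside printable ASCII (0x20-0x7E). sanitizeUrl
// deletes these before inspecting the scheme, so tabs, newlines and other
// control characters cannot split a scheme name. All non-ASCII characters are
// deleted by the same pattern.
var ctrlCharactersRegex = /[^\x20-\x7E]/gmi;

// Matches everything up to and including the first ':' at the start of the
// string; element [0] of the match result is the scheme plus its colon.
var urlSchemeRegex = /^([^:]+):/gm;

// A URL whose first character is one of these is treated as relative.
var relativeFirstCharacters = ['.', '/'];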
/**
 * Reports whether a URL counts as relative, judged only by its first
 * character being one of relativeFirstCharacters.
 *
 * A leading '/' also covers protocol-relative values of the form "//host",
 * so a true result does not mean the URL stays on the current origin.
 *
 * @param {string} url - URL text to inspect.
 * @returns {boolean} true when the first character marks a relative URL.
 */
function isRelativeUrl(url) {
  var position = relativeFirstCharacters.indexOf(url[0]);
  return position !== -1;
}
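/**
 * Returns the given URL with characters outside printable ASCII removed, or
 * 'about:blank' when the URL is empty, is not a string, has no "scheme:"
 * prefix, or uses a scheme matched by invalidPrototcolRegex.
 *
 * Limits a caller should know about:
 * - Relative URLs are returned as-is, including protocol-relative "//host"
 *   values, so this function does not restrict which origin a link points to.
 * - The value is not HTML-entity decoded or percent-decoded before the scheme
 *   check. Encode the result for its output context (for example HTML
 *   attribute escaping) when writing it into markup.
 *
 * @param {string} url - Untrusted URL text.
 * @returns {string} The cleaned URL, or 'about:blank' when it is rejected.
 */
function sanitizeUrl(url) {
  // Fail closed on empty and non-string input (for example an array or object
  // produced by a query-string parser) instead of throwing on url.replace.
  if (!url || typeof url !== 'string') {
    return 'about:blank';
  }

  var urlScheme, urlSchemeParseResults;

  // Strip control and non-ASCII characters first so they cannot hide or split
  // the scheme name that is checked below.
  var sanitizedUrl = url.replace(ctrlCharactersRegex, '').trim();

  if (isRelativeUrl(sanitizedUrl)) {
    return sanitizedUrl;
  }

  // A non-relative URL must carry an explicit "scheme:" prefix.
  urlSchemeParseResults = sanitizedUrl.match(urlSchemeRegex);
  if (!urlSchemeParseResults) {
    return 'about:blank';
  }

  urlScheme = urlSchemeParseResults[0];
  if (invalidPrototcolRegex.test(urlScheme)) {
    return 'about:blank';
  }

  return sanitizedUrl;
}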
// Public API of this module: the sanitizer is the only export.
module.exports = { sanitizeUrl: sanitizeUrl };