2026-03-30 01:38:00 +05:30
|
|
|
export function sanitizeHref(href?: string): string | undefined {
|
2026-03-30 01:50:41 +05:30
|
|
|
if (!href) return undefined;
|
|
|
|
|
const candidate = href.trim();
|
|
|
|
|
if (!candidate) return undefined;
|
2026-03-30 01:38:00 +05:30
|
|
|
|
2026-03-30 01:50:41 +05:30
|
|
|
if (
|
|
|
|
|
candidate.startsWith("/") ||
|
|
|
|
|
candidate.startsWith("./") ||
|
|
|
|
|
candidate.startsWith("../") ||
|
|
|
|
|
candidate.startsWith("?") ||
|
|
|
|
|
candidate.startsWith("#")
|
|
|
|
|
) {
|
|
|
|
|
if (candidate.startsWith("//")) return undefined;
|
2026-03-31 21:42:03 -07:00
|
|
|
// biome-ignore lint/suspicious/noControlCharactersInRegex: intentionally matching control characters
|
2026-03-30 01:50:41 +05:30
|
|
|
if (/[\u0000-\u001F\u007F]/.test(candidate)) return undefined;
|
|
|
|
|
return candidate;
|
|
|
|
|
}
|
2026-03-30 01:38:00 +05:30
|
|
|
|
2026-03-30 01:50:41 +05:30
|
|
|
try {
|
|
|
|
|
const url = new URL(candidate);
|
|
|
|
|
if (url.protocol === "http:" || url.protocol === "https:") {
|
|
|
|
|
return url.toString();
|
|
|
|
|
}
|
|
|
|
|
} catch {
|
|
|
|
|
return undefined;
|
|
|
|
|
}
|
|
|
|
|
return undefined;
|
2026-03-30 01:38:00 +05:30
|
|
|
}
|
