Spaces:
Sleeping
Sleeping
| /** | |
| * Parse an untrusted href (e.g. forwarded via postMessage from a sandboxed | |
| * artifact preview) into a URL that is safe to open in a new tab. Only | |
| * absolute http(s) URLs survive; anything else (javascript:, data:, relative, | |
| * malformed) returns undefined. URLs with embedded credentials are rejected | |
| * too: `https://trusted.com@evil.com` is a phishing classic, and userinfo | |
| * breaks the guarantee that the confirm dialog renders exactly what opens. | |
| */ | |
| export function parseExternalUrl(href: unknown): URL | undefined { | |
| if (typeof href !== "string") return undefined; | |
| let url: URL; | |
| try { | |
| url = new URL(href); | |
| } catch { | |
| return undefined; | |
| } | |
| if (url.protocol !== "http:" && url.protocol !== "https:") return undefined; | |
| if (url.username || url.password) return undefined; | |
| return url; | |
| } | |