mirror of
https://github.com/Sevichecc/Urara-Blog.git
synced 2025-05-03 13:19:29 +08:00
23 lines
815 B
Text
23 lines
815 B
Text
/**
|
|
* Make a value safe for injection as a URL.
|
|
*
|
|
* This encodes unsafe characters with percent-encoding and skips already
|
|
* encoded sequences (see `normalizeUri` below).
|
|
* Further unsafe characters are encoded as character references (see
|
|
* `micromark-util-encode`).
|
|
*
|
|
* Then, a regex of allowed protocols can be given, in which case the URL is
|
|
* sanitized.
|
|
* For example, `/^(https?|ircs?|mailto|xmpp)$/i` can be used for `a[href]`,
|
|
* or `/^https?$/i` for `img[src]`.
|
|
* If the URL includes an unknown protocol (one not matched by `protocol`, such
|
|
* as a dangerous example, `javascript:`), the value is ignored.
|
|
*
|
|
* @param {string|undefined} url
|
|
* @param {RegExp} [protocol]
|
|
* @returns {string}
|
|
*/
|
|
export function sanitizeUri(
|
|
url: string | undefined,
|
|
protocol?: RegExp | undefined
|
|
): string
|