| 1 | "use strict";
|
|---|
| 2 | Object.defineProperty(exports, "__esModule", { value: true });
|
|---|
| 3 | exports.sanitizeUrl = void 0;
|
|---|
| 4 | var constants_1 = require("./constants");
|
|---|
| 5 | function isRelativeUrlWithoutProtocol(url) {
|
|---|
| 6 | return constants_1.relativeFirstCharacters.indexOf(url[0]) > -1;
|
|---|
| 7 | }
|
|---|
| 8 | // adapted from https://stackoverflow.com/a/29824550/2601552
|
|---|
| 9 | function decodeHtmlCharacters(str) {
|
|---|
| 10 | var removedNullByte = str.replace(constants_1.ctrlCharactersRegex, "");
|
|---|
| 11 | return removedNullByte.replace(constants_1.htmlEntitiesRegex, function (match, dec) {
|
|---|
| 12 | return String.fromCharCode(dec);
|
|---|
| 13 | });
|
|---|
| 14 | }
|
|---|
| 15 | function sanitizeUrl(url) {
|
|---|
| 16 | if (!url) {
|
|---|
| 17 | return constants_1.BLANK_URL;
|
|---|
| 18 | }
|
|---|
| 19 | var sanitizedUrl = decodeHtmlCharacters(url)
|
|---|
| 20 | .replace(constants_1.htmlCtrlEntityRegex, "")
|
|---|
| 21 | .replace(constants_1.ctrlCharactersRegex, "")
|
|---|
| 22 | .trim();
|
|---|
| 23 | if (!sanitizedUrl) {
|
|---|
| 24 | return constants_1.BLANK_URL;
|
|---|
| 25 | }
|
|---|
| 26 | if (isRelativeUrlWithoutProtocol(sanitizedUrl)) {
|
|---|
| 27 | return sanitizedUrl;
|
|---|
| 28 | }
|
|---|
| 29 | var urlSchemeParseResults = sanitizedUrl.match(constants_1.urlSchemeRegex);
|
|---|
| 30 | if (!urlSchemeParseResults) {
|
|---|
| 31 | return sanitizedUrl;
|
|---|
| 32 | }
|
|---|
| 33 | var urlScheme = urlSchemeParseResults[0];
|
|---|
| 34 | if (constants_1.invalidProtocolRegex.test(urlScheme)) {
|
|---|
| 35 | return constants_1.BLANK_URL;
|
|---|
| 36 | }
|
|---|
| 37 | return sanitizedUrl;
|
|---|
| 38 | }
|
|---|
| 39 | exports.sanitizeUrl = sanitizeUrl;
|
|---|
