JavaScript function to sanitize a URL.
/**
* Sanitize a URL.
*
* Source @braintree/sanitize-url
* <https://github.com/braintree/sanitize-url>
*
* @param {string} url
* @return {string}
*/
function sanitizeUrl(url) {
if (!url) {
return "about:blank";
}
var invalidProtocolRegex = /^(%20|\s)*(javascript|data|vbscript)/im;
var ctrlCharactersRegex = /[^\x20-\x7EÀ-ž]/gim;
var urlSchemeRegex = /^([^:]+):/gm;
var relativeFirstCharacters = [".", "/"];
function _isRelativeUrlWithoutProtocol(url) {
return relativeFirstCharacters.indexOf(url[0]) > -1;
}
var sanitizedUrl = url.replace(ctrlCharactersRegex, "").trim();
if (_isRelativeUrlWithoutProtocol(sanitizedUrl)) {
return sanitizedUrl;
}
var urlSchemeParseResults = sanitizedUrl.match(urlSchemeRegex);
if (!urlSchemeParseResults) {
return sanitizedUrl;
}
var urlScheme = urlSchemeParseResults[0];
if (invalidProtocolRegex.test(urlScheme)) {
return "about:blank";
}
return sanitizedUrl;
}