New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
url-sanitizer
Advanced tools
url-sanitizer - npm Package Compare versions
Comparing version 0.5.4 to 0.5.5
@@ -803,3 +803,2 @@ // src/mjs/common.js | ||
| } | ||
| let sanitizedUrl; | ||
| const { allow, deny, only } = opt ?? {}; | ||
@@ -812,2 +811,3 @@ const schemeMap = /* @__PURE__ */ new Map([ | ||
| ]); | ||
| let restrictScheme = false; | ||
| if (Array.isArray(only) && only.length) { | ||
@@ -834,2 +834,5 @@ const schemes = super.get(); | ||
| } | ||
| if (!restrictScheme && schemeMap.has(item)) { | ||
| restrictScheme = schemeMap.get(item); | ||
| } | ||
| } | ||
@@ -872,2 +875,3 @@ } | ||
| } | ||
| let sanitizedUrl; | ||
| if (super.isURI(url)) { | ||
@@ -878,6 +882,10 @@ const { hash, href, pathname, protocol, search } = new URL(url); | ||
| let bool; | ||
| for (const [key, value] of schemeMap.entries()) { | ||
| bool = value || scheme !== key && schemeParts.every((s) => s !== key); | ||
| if (!bool) { | ||
| break; | ||
| if (restrictScheme) { | ||
| bool = schemeParts.every((s) => schemeMap.get(s)); | ||
| } else { | ||
| for (const [key, value] of schemeMap.entries()) { | ||
| bool = value || scheme !== key && schemeParts.every((s) => s !== key); | ||
| if (!bool) { | ||
| break; | ||
| } | ||
| } | ||
@@ -884,0 +892,0 @@ } |
@@ -1,2 +0,2 @@ | ||
| var g=t=>Object.prototype.toString.call(t).slice(8,-1),m=t=>typeof t=="string"||t instanceof String;var z=[7,8,9,10,11,12,13,27,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255];var D=["aaa","aaas","about","acap","acct","acd","acr","adiumxtra","adt","afp","afs","aim","amss","android","appdata","apt","ar","ark","attachment","aw","barion","beshare","bitcoin","bitcoincash","blob","bolo","browserext","cabal","calculator","callto","cap","cast","casts","chrome","chrome-extension","cid","coap","coaps","com-eventbrite-attendee","content","content-type","crid","cstr","cvs","dab","dat","data","dav","diaspora","dict","did","dis","dlna-playcontainer","dlna-playsingle","dns","dntp","doi","dpp","drm","dtmi","dtn","dvb","dvx","dweb","ed2k","eid","elsi","embedded","ens","ethereum","example","facetime","feed","feedready","fido","file","finger","first-run-pen-experience","fish","fm","ftp","fuchsia-pkg","geo","gg","git","gitoid","gizmoproject","go","gopher","graph","gtalk","h323","ham","hcap","hcp","http","https","hxxp","hxxps","hydrazone","hyper","iax","icap","icon","im","imap","info","iotdisco","ipfs","ipn","ipns","ipp","ipps","irc","irc6","ircs","iris","iris.beep","iris.lwz","iris.xpc","iris.xpcs","isostore","itms","jabber","jar","jms","keyparc","lastfm","lbry","ldap","ldaps","leaptofrogans","lorawan","lpa","lvlt","magnet","mailto","maps","market","matrix","message","microsoft.windows.camera","microsoft.windows.camera.multipicker","microsoft.windows.camera.picker","mid","mms","mongodb","moz","moz-extension","ms-access","ms-appinstaller","ms-browser-extension","ms-calculator","ms-drive-to","ms-enrollment","ms-excel","ms-eyecontrolspeech","ms-gamebarservices","ms-gamingoverlay","ms-getoffice","ms-help","ms-infopath","ms-inputapp","ms-lockscreencomponent-config","ms-media-stream-id","ms-meetnow","ms-mixedrealitycapture","ms-mobileplans","ms-newsandinterests","ms-officeapp","ms-people","ms-powerpoint","ms-project","ms-publisher","ms-remotedesktop-launch","ms-restoretabcompanion","ms-screenclip","ms-screensketch","ms-search","ms-search-repair","ms-secondary-screen-controller","ms-secondary-screen-setup","ms-settings","ms-settings-airplanemode","ms-settings-bluetooth","ms-settings-camera","ms-settings-cellular","ms-settings-cloudstorage","ms-settings-connectabledevices","ms-settings-displays-topology","ms-settings-emailandaccounts","ms-settings-language","ms-settings-location","ms-settings-lock","ms-settings-nfctransactions","ms-settings-notifications","ms-settings-power","ms-settings-privacy","ms-settings-proximity","ms-settings-screenrotation","ms-settings-wifi","ms-settings-workplace","ms-spd","ms-stickers","ms-sttoverlay","ms-transit-to","ms-useractivityset","ms-virtualtouchpad","ms-visio","ms-walk-to","ms-whiteboard","ms-whiteboard-cmd","ms-word","msnim","msrp","msrps","mss","mt","mtqp","mumble","mupdate","mvn","news","nfs","ni","nih","nntp","notes","num","ocf","oid","onenote","onenote-cmd","opaquelocktoken","openpgp4fpr","otpauth","palm","paparazzi","payment","payto","pkcs11","platform","pop","pres","proxy","psyc","pttp","pwid","qb","query","quic-transport","redis","rediss","reload","res","resource","rmi","rsync","rtmfp","rtmp","rtsp","rtsps","rtspu","sarif","secondlife","secret-token","service","session","sftp","sgn","shc","sieve","simpleledger","simplex","sip","sips","skype","smb","smp","sms","smtp","snmp","soap.beep","soap.beeps","soldat","spiffe","spotify","ssb","ssh","starknet","steam","stun","stuns","submit","svn","swh","swid","swidpath","tag","taler","teamspeak","tel","teliaeid","telnet","tftp","things","thismessage","tip","tn3270","tool","turn","turns","tv","udp","unreal","urn","ut2004","uuid-in-package","v-event","vemmi","ventrilo","ves","view-source","vnc","vscode","vscode-insiders","vsls","w3","wcr","web3","webcal","wifi","ws","wss","wtai","wyciwyg","xcon","xcon-userid","xfire","xmlrpc.beep","xmlrpc.beeps","xmpp","xri","ymsgr","z39.50r","z39.50s"];var x=16,K=/^[\da-z+/\-_=]+$/i,Q=/data:[^,]*,[^"]+/g,O=/data:[^,]*;?base64,[\da-z+/\-_=]+/i,V=/[<>"'\s]/g,W=/%(?:2(?:2|7)|3(?:C|E))/g,Z=/&#(x(?:00)?[\dA-F]{2}|0?\d{1,3});?/ig,ee=/^[a-z][\da-z+\-.]*$/,te=/^(?:ext|web)\+[a-z]+$/,v=/(?:java|vb)script/,se=/^%[\dA-F]{2}$/i,re=/%26/g,j=t=>{if(!m(t))throw new TypeError(`Expected String but got ${g(t)}.`);let e=[];for(let r of t)e.push(`%${r.charCodeAt(0).toString(x).toUpperCase()}`);return e.join("")},G=t=>{if(m(t))if(se.test(t))t=t.toUpperCase();else throw new Error(`Invalid URL encoded character: ${t}`);else throw new TypeError(`Expected String but got ${g(t)}.`);let[e,r,o,c,p,l]=["&","#","<",">",'"',"'"].map(j),a;return t===e?a=`${e}amp;`:t===o?a=`${e}lt;`:t===c?a=`${e}gt;`:t===p?a=`${e}quot;`:t===l?a=`${e}${r}39;`:a=t,a},ae=t=>{if(m(t)){if(!K.test(t))throw new Error(`Invalid base64 data: ${t}`)}else throw new TypeError(`Expected String but got ${g(t)}.`);let e=atob(t),r=Uint8Array.from([...e].map(p=>p.charCodeAt(0))),o=new Set(z),c;return r.every(p=>o.has(p))?c=e.replace(/\s/g,j):c=t,c},N=(t,e=0)=>{if(!m(t))throw new TypeError(`Expected String but got ${g(t)}.`);if(Number.isInteger(e)){if(e>x)throw new Error("Character references nested too deeply.")}else throw new TypeError(`Expected Number but got ${g(e)}.`);let r=decodeURIComponent(t);if(/&#/.test(r)){let o=new Set(z),c=[...r.matchAll(Z)].reverse();for(let p of c){let[l,a]=p,i;if(/^x[\dA-F]+/i.test(a)?i=parseInt(`0${a}`,x):/^[\d]+/.test(a)&&(i=parseInt(a)),Number.isInteger(i)){let{index:s}=p,[n,f]=[r.substring(0,s),r.substring(s+l.length)];o.has(i)?(r=`${n}${String.fromCharCode(i)}${f}`,(/#x?$/.test(n)||/^#(?:x(?:00)?[2-7]|\d)/.test(f))&&(r=N(r,++e))):i<x*x&&(r=`${n}${f}`)}}}return r},C=class{#e;constructor(){this.#e=new Set(D)}get(){return[...this.#e]}has(e){return this.#e.has(e)}add(e){if(m(e)){if(v.test(e)||!ee.test(e))throw new Error(`Invalid scheme: ${e}`)}else throw new TypeError(`Expected String but got ${g(e)}.`);return this.#e.add(e),[...this.#e]}remove(e){return this.#e.delete(e)}isURI(e){let r;if(m(e))try{let{protocol:o}=new URL(e),c=o.replace(/:$/,""),p=c.split("+");r=!v.test(c)&&te.test(c)||p.every(l=>this.#e.has(l))}catch{r=!1}return!!r}},T=class extends C{#e;#t;constructor(){super(),this.#e=0,this.#t=new Set}sanitize(e,r={allow:[],deny:[],only:[]}){if(this.#e>x)throw this.#e=0,new Error("Data URLs nested too deeply.");let o,{allow:c,deny:p,only:l}=r??{},a=new Map([["data",!1],["file",!1],["javascrpt",!1],["vbscript",!1]]);if(Array.isArray(l)&&l.length){let i=super.get();for(let n of i)a.set(n,!1);let s=Object.values(l);for(let n of s)if(m(n)&&(n=n.trim(),!v.test(n)))if(super.has(n))a.set(n,!0);else{try{super.add(n)}catch{}super.has(n)&&a.set(n,!0)}}else{if(Array.isArray(c)&&c.length){let i=Object.values(c);for(let s of i)if(m(s)&&(s=s.trim(),!v.test(s)))if(super.has(s))a.set(s,!0);else{try{super.add(s)}catch{}super.has(s)&&a.set(s,!0)}}if(Array.isArray(p)&&p.length){let i=Object.values(p);for(let s of i)m(s)&&(s=s.trim(),s&&a.set(s,!1))}}if(super.isURI(e)){let{hash:i,href:s,pathname:n,protocol:f,search:y}=new URL(e),b=f.replace(/:$/,""),L=b.split("+"),U;for(let[h,w]of a.entries())if(U=w||b!==h&&L.every($=>$!==h),!U)break;if(U){let h,w=s;if(L.includes("data")){let[$,...F]=n.split(","),R=`${F.join(",")}${y}${i}`,E=$.split(";"),d=R;if(E[E.length-1]==="base64")E.pop(),d=ae(R);else try{let S=N(d),{protocol:_}=new URL(S.trim());_.replace(/:$/,"").split("+").some(u=>v.test(u))&&(w="")}catch{}let I=/data:[^,]*,/.test(d);if(d!==R||I){if(I){let _=[...d.matchAll(Q)].reverse();for(let k of _){let[u]=k;O.test(u)&&([u]=O.exec(u)),this.#e++,this.#t.add(u);let M=this.sanitize(u,{allow:["data"]});if(M){let{index:P}=k,[B,Y]=[d.substring(0,P),d.substring(P+u.length)];d=`${B}${M}${Y}`}}this.#t.has(e)?this.#t.delete(e):h=!0}else this.#t.has(e)?this.#t.delete(e):h=!0;w=`${b}:${E.join(";")},${d}`}else this.#t.has(e)?this.#t.delete(e):h=!0}else h=!0;w?(o=w.replace(V,j).replace(re,G),h&&(o=o.replace(W,G),this.#e=0)):(o=w,this.#e=0)}}return o||null}parse(e){if(!m(e))throw new TypeError(`Expected String but got ${g(e)}.`);let r=this.sanitize(e,{allow:["data","file"]}),o=new Map([["input",e]]);if(r){let c=new URL(r),{pathname:p,protocol:l}=c,a=l.replace(/:$/,"").split("+");if(o.set("valid",!0),a.includes("data")){let i=new Map,[s,...n]=p.split(","),f=`${n.join(",")}`,y=s.split(";"),b=y[y.length-1]==="base64";b&&y.pop(),i.set("mime",y.join(";")),i.set("base64",b),i.set("data",f),o.set("data",Object.fromEntries(i))}else o.set("data",null);for(let i in c){let s=c[i];typeof s!="function"&&o.set(i,s)}}else o.set("valid",!1);return Object.fromEntries(o)}},A=new T,q=t=>A.isURI(t),ie=async t=>await q(t),H=(t,e)=>A.sanitize(t,e??{allow:[],deny:[],only:[]}),oe=async(t,e)=>await H(t,e);export{A as default,ie as isURI,q as isURISync,oe as sanitizeURL,H as sanitizeURLSync}; | ||
| var g=t=>Object.prototype.toString.call(t).slice(8,-1),d=t=>typeof t=="string"||t instanceof String;var T=[7,8,9,10,11,12,13,27,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255];var O=["aaa","aaas","about","acap","acct","acd","acr","adiumxtra","adt","afp","afs","aim","amss","android","appdata","apt","ar","ark","attachment","aw","barion","beshare","bitcoin","bitcoincash","blob","bolo","browserext","cabal","calculator","callto","cap","cast","casts","chrome","chrome-extension","cid","coap","coaps","com-eventbrite-attendee","content","content-type","crid","cstr","cvs","dab","dat","data","dav","diaspora","dict","did","dis","dlna-playcontainer","dlna-playsingle","dns","dntp","doi","dpp","drm","dtmi","dtn","dvb","dvx","dweb","ed2k","eid","elsi","embedded","ens","ethereum","example","facetime","feed","feedready","fido","file","finger","first-run-pen-experience","fish","fm","ftp","fuchsia-pkg","geo","gg","git","gitoid","gizmoproject","go","gopher","graph","gtalk","h323","ham","hcap","hcp","http","https","hxxp","hxxps","hydrazone","hyper","iax","icap","icon","im","imap","info","iotdisco","ipfs","ipn","ipns","ipp","ipps","irc","irc6","ircs","iris","iris.beep","iris.lwz","iris.xpc","iris.xpcs","isostore","itms","jabber","jar","jms","keyparc","lastfm","lbry","ldap","ldaps","leaptofrogans","lorawan","lpa","lvlt","magnet","mailto","maps","market","matrix","message","microsoft.windows.camera","microsoft.windows.camera.multipicker","microsoft.windows.camera.picker","mid","mms","mongodb","moz","moz-extension","ms-access","ms-appinstaller","ms-browser-extension","ms-calculator","ms-drive-to","ms-enrollment","ms-excel","ms-eyecontrolspeech","ms-gamebarservices","ms-gamingoverlay","ms-getoffice","ms-help","ms-infopath","ms-inputapp","ms-lockscreencomponent-config","ms-media-stream-id","ms-meetnow","ms-mixedrealitycapture","ms-mobileplans","ms-newsandinterests","ms-officeapp","ms-people","ms-powerpoint","ms-project","ms-publisher","ms-remotedesktop-launch","ms-restoretabcompanion","ms-screenclip","ms-screensketch","ms-search","ms-search-repair","ms-secondary-screen-controller","ms-secondary-screen-setup","ms-settings","ms-settings-airplanemode","ms-settings-bluetooth","ms-settings-camera","ms-settings-cellular","ms-settings-cloudstorage","ms-settings-connectabledevices","ms-settings-displays-topology","ms-settings-emailandaccounts","ms-settings-language","ms-settings-location","ms-settings-lock","ms-settings-nfctransactions","ms-settings-notifications","ms-settings-power","ms-settings-privacy","ms-settings-proximity","ms-settings-screenrotation","ms-settings-wifi","ms-settings-workplace","ms-spd","ms-stickers","ms-sttoverlay","ms-transit-to","ms-useractivityset","ms-virtualtouchpad","ms-visio","ms-walk-to","ms-whiteboard","ms-whiteboard-cmd","ms-word","msnim","msrp","msrps","mss","mt","mtqp","mumble","mupdate","mvn","news","nfs","ni","nih","nntp","notes","num","ocf","oid","onenote","onenote-cmd","opaquelocktoken","openpgp4fpr","otpauth","palm","paparazzi","payment","payto","pkcs11","platform","pop","pres","proxy","psyc","pttp","pwid","qb","query","quic-transport","redis","rediss","reload","res","resource","rmi","rsync","rtmfp","rtmp","rtsp","rtsps","rtspu","sarif","secondlife","secret-token","service","session","sftp","sgn","shc","sieve","simpleledger","simplex","sip","sips","skype","smb","smp","sms","smtp","snmp","soap.beep","soap.beeps","soldat","spiffe","spotify","ssb","ssh","starknet","steam","stun","stuns","submit","svn","swh","swid","swidpath","tag","taler","teamspeak","tel","teliaeid","telnet","tftp","things","thismessage","tip","tn3270","tool","turn","turns","tv","udp","unreal","urn","ut2004","uuid-in-package","v-event","vemmi","ventrilo","ves","view-source","vnc","vscode","vscode-insiders","vsls","w3","wcr","web3","webcal","wifi","ws","wss","wtai","wyciwyg","xcon","xcon-userid","xfire","xmlrpc.beep","xmlrpc.beeps","xmpp","xri","ymsgr","z39.50r","z39.50s"];var b=16,Q=/^[\da-z+/\-_=]+$/i,V=/data:[^,]*,[^"]+/g,G=/data:[^,]*;?base64,[\da-z+/\-_=]+/i,W=/[<>"'\s]/g,Z=/%(?:2(?:2|7)|3(?:C|E))/g,ee=/&#(x(?:00)?[\dA-F]{2}|0?\d{1,3});?/ig,te=/^[a-z][\da-z+\-.]*$/,se=/^(?:ext|web)\+[a-z]+$/,x=/(?:java|vb)script/,re=/^%[\dA-F]{2}$/i,ae=/%26/g,L=t=>{if(!d(t))throw new TypeError(`Expected String but got ${g(t)}.`);let e=[];for(let s of t)e.push(`%${s.charCodeAt(0).toString(b).toUpperCase()}`);return e.join("")},N=t=>{if(d(t))if(re.test(t))t=t.toUpperCase();else throw new Error(`Invalid URL encoded character: ${t}`);else throw new TypeError(`Expected String but got ${g(t)}.`);let[e,s,o,n,l,c]=["&","#","<",">",'"',"'"].map(L),p;return t===e?p=`${e}amp;`:t===o?p=`${e}lt;`:t===n?p=`${e}gt;`:t===l?p=`${e}quot;`:t===c?p=`${e}${s}39;`:p=t,p},ie=t=>{if(d(t)){if(!Q.test(t))throw new Error(`Invalid base64 data: ${t}`)}else throw new TypeError(`Expected String but got ${g(t)}.`);let e=atob(t),s=Uint8Array.from([...e].map(l=>l.charCodeAt(0))),o=new Set(T),n;return s.every(l=>o.has(l))?n=e.replace(/\s/g,L):n=t,n},q=(t,e=0)=>{if(!d(t))throw new TypeError(`Expected String but got ${g(t)}.`);if(Number.isInteger(e)){if(e>b)throw new Error("Character references nested too deeply.")}else throw new TypeError(`Expected Number but got ${g(e)}.`);let s=decodeURIComponent(t);if(/&#/.test(s)){let o=new Set(T),n=[...s.matchAll(ee)].reverse();for(let l of n){let[c,p]=l,i;if(/^x[\dA-F]+/i.test(p)?i=parseInt(`0${p}`,b):/^[\d]+/.test(p)&&(i=parseInt(p)),Number.isInteger(i)){let{index:m}=l,[r,a]=[s.substring(0,m),s.substring(m+c.length)];o.has(i)?(s=`${r}${String.fromCharCode(i)}${a}`,(/#x?$/.test(r)||/^#(?:x(?:00)?[2-7]|\d)/.test(a))&&(s=q(s,++e))):i<b*b&&(s=`${r}${a}`)}}}return s},j=class{#e;constructor(){this.#e=new Set(O)}get(){return[...this.#e]}has(e){return this.#e.has(e)}add(e){if(d(e)){if(x.test(e)||!te.test(e))throw new Error(`Invalid scheme: ${e}`)}else throw new TypeError(`Expected String but got ${g(e)}.`);return this.#e.add(e),[...this.#e]}remove(e){return this.#e.delete(e)}isURI(e){let s;if(d(e))try{let{protocol:o}=new URL(e),n=o.replace(/:$/,""),l=n.split("+");s=!x.test(n)&&se.test(n)||l.every(c=>this.#e.has(c))}catch{s=!1}return!!s}},A=class extends j{#e;#t;constructor(){super(),this.#e=0,this.#t=new Set}sanitize(e,s={allow:[],deny:[],only:[]}){if(this.#e>b)throw this.#e=0,new Error("Data URLs nested too deeply.");let{allow:o,deny:n,only:l}=s??{},c=new Map([["data",!1],["file",!1],["javascrpt",!1],["vbscript",!1]]),p=!1;if(Array.isArray(l)&&l.length){let m=super.get();for(let a of m)c.set(a,!1);let r=Object.values(l);for(let a of r)if(d(a)&&(a=a.trim(),!x.test(a))){if(super.has(a))c.set(a,!0);else{try{super.add(a)}catch{}super.has(a)&&c.set(a,!0)}!p&&c.has(a)&&(p=c.get(a))}}else{if(Array.isArray(o)&&o.length){let m=Object.values(o);for(let r of m)if(d(r)&&(r=r.trim(),!x.test(r)))if(super.has(r))c.set(r,!0);else{try{super.add(r)}catch{}super.has(r)&&c.set(r,!0)}}if(Array.isArray(n)&&n.length){let m=Object.values(n);for(let r of m)d(r)&&(r=r.trim(),r&&c.set(r,!1))}}let i;if(super.isURI(e)){let{hash:m,href:r,pathname:a,protocol:w,search:v}=new URL(e),$=w.replace(/:$/,""),R=$.split("+"),E;if(p)E=R.every(f=>c.get(f));else for(let[f,y]of c.entries())if(E=y||$!==f&&R.every(S=>S!==f),!E)break;if(E){let f,y=r;if(R.includes("data")){let[S,...B]=a.split(","),_=`${B.join(",")}${v}${m}`,U=S.split(";"),h=_;if(U[U.length-1]==="base64")U.pop(),h=ie(_);else try{let k=q(h),{protocol:z}=new URL(k.trim());z.replace(/:$/,"").split("+").some(u=>x.test(u))&&(y="")}catch{}let M=/data:[^,]*,/.test(h);if(h!==_||M){if(M){let z=[...h.matchAll(V)].reverse();for(let C of z){let[u]=C;G.test(u)&&([u]=G.exec(u)),this.#e++,this.#t.add(u);let P=this.sanitize(u,{allow:["data"]});if(P){let{index:D}=C,[Y,X]=[h.substring(0,D),h.substring(D+u.length)];h=`${Y}${P}${X}`}}this.#t.has(e)?this.#t.delete(e):f=!0}else this.#t.has(e)?this.#t.delete(e):f=!0;y=`${$}:${U.join(";")},${h}`}else this.#t.has(e)?this.#t.delete(e):f=!0}else f=!0;y?(i=y.replace(W,L).replace(ae,N),f&&(i=i.replace(Z,N),this.#e=0)):(i=y,this.#e=0)}}return i||null}parse(e){if(!d(e))throw new TypeError(`Expected String but got ${g(e)}.`);let s=this.sanitize(e,{allow:["data","file"]}),o=new Map([["input",e]]);if(s){let n=new URL(s),{pathname:l,protocol:c}=n,p=c.replace(/:$/,"").split("+");if(o.set("valid",!0),p.includes("data")){let i=new Map,[m,...r]=l.split(","),a=`${r.join(",")}`,w=m.split(";"),v=w[w.length-1]==="base64";v&&w.pop(),i.set("mime",w.join(";")),i.set("base64",v),i.set("data",a),o.set("data",Object.fromEntries(i))}else o.set("data",null);for(let i in n){let m=n[i];typeof m!="function"&&o.set(i,m)}}else o.set("valid",!1);return Object.fromEntries(o)}},I=new A,H=t=>I.isURI(t),oe=async t=>await H(t),F=(t,e)=>I.sanitize(t,e??{allow:[],deny:[],only:[]}),ne=async(t,e)=>await F(t,e);export{I as default,oe as isURI,H as isURISync,ne as sanitizeURL,F as sanitizeURLSync}; | ||
| //# sourceMappingURL=url-sanitizer.min.js.map |
@@ -53,3 +53,3 @@ { | ||
| }, | ||
| "version": "0.5.4" | ||
| "version": "0.5.5" | ||
| } |
@@ -267,3 +267,2 @@ /** | ||
| } | ||
| let sanitizedUrl; | ||
| const { allow, deny, only } = opt ?? {}; | ||
@@ -276,2 +275,3 @@ const schemeMap = new Map([ | ||
| ]); | ||
| let restrictScheme = false; | ||
| if (Array.isArray(only) && only.length) { | ||
@@ -299,2 +299,5 @@ const schemes = super.get(); | ||
| } | ||
| if (!restrictScheme && schemeMap.has(item)) { | ||
| restrictScheme = schemeMap.get(item); | ||
| } | ||
| } | ||
@@ -338,2 +341,3 @@ } | ||
| } | ||
| let sanitizedUrl; | ||
| if (super.isURI(url)) { | ||
@@ -344,6 +348,10 @@ const { hash, href, pathname, protocol, search } = new URL(url); | ||
| let bool; | ||
| for (const [key, value] of schemeMap.entries()) { | ||
| bool = value || (scheme !== key && schemeParts.every(s => s !== key)); | ||
| if (!bool) { | ||
| break; | ||
| if (restrictScheme) { | ||
| bool = schemeParts.every(s => schemeMap.get(s)); | ||
| } else { | ||
| for (const [key, value] of schemeMap.entries()) { | ||
| bool = value || (scheme !== key && schemeParts.every(s => s !== key)); | ||
| if (!bool) { | ||
| break; | ||
| } | ||
| } | ||
@@ -350,0 +358,0 @@ } |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
No alert changes
Improved metrics
- Total package byte prevSize
- increased by1.08%
145976
- Lines of code
- increased by0.71%
2263
No dependency changes