From 32f23f7c532cc111fa5a818ae2a81d5d1e770be1 Mon Sep 17 00:00:00 2001 From: Daniel Roe Date: Fri, 28 Jul 2023 11:09:38 +0200 Subject: [PATCH 1/5] feat(hasProtocol): allow disallowing script protocols --- src/utils.ts | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/utils.ts b/src/utils.ts index 3c8f7f93..8b51e82a 100644 --- a/src/utils.ts +++ b/src/utils.ts @@ -10,10 +10,12 @@ export function isRelative(inputString: string) { const PROTOCOL_STRICT_REGEX = /^\w{2,}:([/\\]{1,2})/; const PROTOCOL_REGEX = /^\w{2,}:([/\\]{2})?/; const PROTOCOL_RELATIVE_REGEX = /^([/\\]\s*){2,}[^/\\]/; +const PROTOCOL_SCRIPT_RE = /^(data|javascript|vbscript):$/; export interface HasProtocolOptions { acceptRelative?: boolean; strict?: boolean; + script?: boolean } export function hasProtocol( inputString: string, @@ -34,6 +36,9 @@ export function hasProtocol( if (typeof opts === "boolean") { opts = { acceptRelative: opts }; } + if (opts.script === false && PROTOCOL_SCRIPT_RE.test(inputString)) { + return false; + } if (opts.strict) { return PROTOCOL_STRICT_REGEX.test(inputString); } From c9e4f38d25ec0b24505f7db68543ce8c072c1633 Mon Sep 17 00:00:00 2001 From: Daniel Roe Date: Fri, 28 Jul 2023 11:10:39 +0200 Subject: [PATCH 2/5] chore: add comment --- src/utils.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/utils.ts b/src/utils.ts index 8b51e82a..c9ac0983 100644 --- a/src/utils.ts +++ b/src/utils.ts @@ -15,7 +15,8 @@ const PROTOCOL_SCRIPT_RE = /^(data|javascript|vbscript):$/; export interface HasProtocolOptions { acceptRelative?: boolean; strict?: boolean; - script?: boolean + /** Set to false to return false for script protocols (data:, javascript:, and vbscript:) */ + script?: boolean; } export function hasProtocol( inputString: string, From 2c157d99a284b326c2b434eace6d7f0b24978017 Mon Sep 17 00:00:00 2001 From: Daniel Roe Date: Fri, 28 Jul 2023 12:30:30 +0200 Subject: [PATCH 3/5] refactor: expose instead as `isScriptProtocol` --- src/utils.ts | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/src/utils.ts b/src/utils.ts index c9ac0983..66211424 100644 --- a/src/utils.ts +++ b/src/utils.ts @@ -10,13 +10,10 @@ export function isRelative(inputString: string) { const PROTOCOL_STRICT_REGEX = /^\w{2,}:([/\\]{1,2})/; const PROTOCOL_REGEX = /^\w{2,}:([/\\]{2})?/; const PROTOCOL_RELATIVE_REGEX = /^([/\\]\s*){2,}[^/\\]/; -const PROTOCOL_SCRIPT_RE = /^(data|javascript|vbscript):$/; export interface HasProtocolOptions { acceptRelative?: boolean; strict?: boolean; - /** Set to false to return false for script protocols (data:, javascript:, and vbscript:) */ - script?: boolean; } export function hasProtocol( inputString: string, @@ -37,9 +34,6 @@ export function hasProtocol( if (typeof opts === "boolean") { opts = { acceptRelative: opts }; } - if (opts.script === false && PROTOCOL_SCRIPT_RE.test(inputString)) { - return false; - } if (opts.strict) { return PROTOCOL_STRICT_REGEX.test(inputString); } @@ -49,6 +43,11 @@ export function hasProtocol( ); } +const PROTOCOL_SCRIPT_RE = /^(data|javascript|vbscript):$/; +export function isScriptProtocol(protocol?: string) { + return !!protocol && PROTOCOL_SCRIPT_RE.test(protocol); +} + const TRAILING_SLASH_RE = /\/$|\/\?/; export function hasTrailingSlash(input = "", queryParameters = false): boolean { From b5cc401bdde136a50fe7a82a6b5db4aab8d34490 Mon Sep 17 00:00:00 2001 From: Daniel Roe Date: Fri, 28 Jul 2023 17:02:42 +0200 Subject: [PATCH 4/5] Update src/utils.ts --- src/utils.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/utils.ts b/src/utils.ts index 66211424..fca6117d 100644 --- a/src/utils.ts +++ b/src/utils.ts @@ -43,7 +43,7 @@ export function hasProtocol( ); } -const PROTOCOL_SCRIPT_RE = /^(data|javascript|vbscript):$/; +const PROTOCOL_SCRIPT_RE = /^(blob|data|javascript|vbscript):$/; export function isScriptProtocol(protocol?: string) { return !!protocol && PROTOCOL_SCRIPT_RE.test(protocol); } From 50fa650c5048deec069d1f54cd2aecec315ed76d Mon Sep 17 00:00:00 2001 From: pooya parsa Date: Fri, 28 Jul 2023 18:23:37 +0200 Subject: [PATCH 5/5] Update src/utils.ts --- src/utils.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/src/utils.ts b/src/utils.ts index fca6117d..cae821dd 100644 --- a/src/utils.ts +++ b/src/utils.ts @@ -44,6 +44,7 @@ export function hasProtocol( } const PROTOCOL_SCRIPT_RE = /^(blob|data|javascript|vbscript):$/; + export function isScriptProtocol(protocol?: string) { return !!protocol && PROTOCOL_SCRIPT_RE.test(protocol); }