(url: string)
| 20 | * single quotes, backticks (template literals), backslashes, and newlines. |
| 21 | */ |
| 22 | export const isValidURL = (url: string): boolean => { |
| 23 | try { |
| 24 | const parsed = new URL(url) |
| 25 | if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return false |
| 26 | if (parsed.hash) return false |
| 27 | if (/["'`\\\n\r\t]/.test(url)) return false |
| 28 | return true |
| 29 | } catch { |
| 30 | return false |
| 31 | } |
| 32 | } |
| 33 | |
| 34 | /** |
| 35 | * Validates if a string contains path traversal attempts |
no test coverage detected