* Match a URL against a pattern with * as a wildcard (any characters). * Same semantics as the MCP server allowlist patterns.
(url: string, pattern: string)
| 62 | * Same semantics as the MCP server allowlist patterns. |
| 63 | */ |
| 64 | function urlMatchesPattern(url: string, pattern: string): boolean { |
| 65 | const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&') |
| 66 | const regexStr = escaped.replace(/\*/g, '.*') |
| 67 | return new RegExp(`^${regexStr}$`).test(url) |
| 68 | } |
| 69 | |
| 70 | /** |
| 71 | * Strip CR, LF, and NUL bytes from a header value to prevent HTTP header |