MCPcopy
hub / github.com/swagger-api/swagger-ui / sanitizeUrl

Function sanitizeUrl

src/core/utils/url.js:41–79  ·  view source on GitHub ↗
(url)

Source from the content-addressed store, hash-verified

39}
40
41export function sanitizeUrl(url) {
42 if (typeof url !== "string" || url.trim() === "") {
43 return ""
44 }
45
46 const urlTrimmed = url.trim()
47 const blankURL = "about:blank"
48
49 try {
50 const base = `https://base${String(Math.random()).slice(2)}`
51 const urlObject = new URL(urlTrimmed, base)
52 const scheme = urlObject.protocol.slice(0, -1)
53
54 // check for invalid schemes
55 if (["javascript", "data", "vbscript"].includes(scheme.toLowerCase())) {
56 return blankURL
57 }
58
59 // return sanitized URI reference
60 if (urlObject.origin === base) {
61 if (urlTrimmed.startsWith("/")) {
62 return `${urlObject.pathname}${urlObject.search}${urlObject.hash}`
63 }
64
65 // Handle relative paths (./path, ../path, ./../../path, etc.)
66 if (urlTrimmed.startsWith("./") || urlTrimmed.startsWith("../")) {
67 const relativePath = urlTrimmed.match(/^(\.\.?\/)+/)[0]
68 const remainingPath = urlObject.pathname.substring(1)
69 return `${relativePath}${remainingPath}${urlObject.search}${urlObject.hash}`
70 }
71
72 return `${urlObject.pathname.substring(1)}${urlObject.search}${urlObject.hash}`
73 }
74
75 return String(urlObject)
76 } catch {
77 return blankURL
78 }
79}

Callers 15

utils.jsFile · 0.90
authorizeFunction · 0.90
renderMethod · 0.90
renderMethod · 0.90
renderMethod · 0.90
renderMethod · 0.90
renderMethod · 0.90
renderMethod · 0.90
renderMethod · 0.90
renderMethod · 0.90
renderMethod · 0.90
renderMethod · 0.90

Calls

no outgoing calls

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…