39 lines
1.2 KiB
TypeScript
39 lines
1.2 KiB
TypeScript
|
/**
|
||
|
|
* Make a value safe for injection as a URL.
|
||
|
|
*
|
||
|
|
* This encodes unsafe characters with percent-encoding and skips already
|
||
|
|
* encoded sequences (see `normalizeUri`).
|
||
|
|
* Further unsafe characters are encoded as character references (see
|
||
|
|
* `micromark-util-encode`).
|
||
|
|
*
|
||
|
|
* A regex of allowed protocols can be given, in which case the URL is
|
||
|
|
* sanitized.
|
||
|
|
* For example, `/^(https?|ircs?|mailto|xmpp)$/i` can be used for `a[href]`, or
|
||
|
|
* `/^https?$/i` for `img[src]` (this is what `github.com` allows).
|
||
|
|
* If the URL includes an unknown protocol (one not matched by `protocol`, such
|
||
|
|
* as a dangerous example, `javascript:`), the value is ignored.
|
||
|
|
*
|
||
|
|
* @param {string | null | undefined} url
|
||
|
|
* URI to sanitize.
|
||
|
|
* @param {RegExp | null | undefined} [protocol]
|
||
|
|
* Allowed protocols.
|
||
|
|
* @returns {string}
|
||
|
|
* Sanitized URI.
|
||
|
|
*/
|
||
|
|
export function sanitizeUri(
|
||
|
|
url: string | null | undefined,
|
||
|
|
protocol?: RegExp | null | undefined
|
||
|
|
): string
|
||
|
|
/**
|
||
|
|
* Normalize a URL.
|
||
|
|
*
|
||
|
|
* Encode unsafe characters with percent-encoding, skipping already encoded
|
||
|
|
* sequences.
|
||
|
|
*
|
||
|
|
* @param {string} value
|
||
|
|
* URI to normalize.
|
||
|
|
* @returns {string}
|
||
|
|
* Normalized URI.
|
||
|
|
*/
|
||
|
|
export function normalizeUri(value: string): string
|