brianhansonxyz/rspade_system
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ee709ae86d6fd643af4f3b39dfd4e191fd4b7085
rspade_system/vendor/spatie/ignition/node_modules/micromark-util-sanitize-uri/index.js
root f6fac6c4bc Fix bin/publish: copy docs.dist from project root 
Fix bin/publish: use correct .env path for rspade_system
Fix bin/publish script: prevent grep exit code 1 from terminating script

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-21 02:08:33 +00:00

112 lines
2.9 KiB
JavaScript
Executable File
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
import {asciiAlphanumeric} from 'micromark-util-character'
import {encode} from 'micromark-util-encode'
/**
* Make a value safe for injection as a URL.
*
* This encodes unsafe characters with percent-encoding and skips already
* encoded sequences (see `normalizeUri` below).
* Further unsafe characters are encoded as character references (see
* `micromark-util-encode`).
*
* Then, a regex of allowed protocols can be given, in which case the URL is
* sanitized.
* For example, `/^(https?|ircs?|mailto|xmpp)$/i` can be used for `a[href]`,
* or `/^https?$/i` for `img[src]`.
* If the URL includes an unknown protocol (one not matched by `protocol`, such
* as a dangerous example, `javascript:`), the value is ignored.
*
* @param {string|undefined} url
* @param {RegExp} [protocol]
* @returns {string}
*/
export function sanitizeUri(url, protocol) {
const value = encode(normalizeUri(url || ''))
if (!protocol) {
return value
}
const colon = value.indexOf(':')
const questionMark = value.indexOf('?')
const numberSign = value.indexOf('#')
const slash = value.indexOf('/')
if (
// If there is no protocol, its relative.
colon < 0 || // If the first colon is after a `?`, `#`, or `/`, its not a protocol.
(slash > -1 && colon > slash) ||
(questionMark > -1 && colon > questionMark) ||
(numberSign > -1 && colon > numberSign) || // It is a protocol, it should be allowed.
protocol.test(value.slice(0, colon))
) {
return value
}
return ''
}
/**
* Normalize a URL (such as used in definitions).
*
* Encode unsafe characters with percent-encoding, skipping already encoded
* sequences.
*
* @param {string} value
* @returns {string}
*/
export function normalizeUri(value) {
/** @type {Array<string>} */
const result = []
let index = -1
let start = 0
let skip = 0
while (++index < value.length) {
const code = value.charCodeAt(index)
/** @type {string} */
let replace = '' // A correct percent encoded value.
if (
code === 37 &&
asciiAlphanumeric(value.charCodeAt(index + 1)) &&
asciiAlphanumeric(value.charCodeAt(index + 2))
) {
skip = 2
} // ASCII.
else if (code < 128) {
if (!/[!#$&-;=?-Z_a-z~]/.test(String.fromCharCode(code))) {
replace = String.fromCharCode(code)
}
} // Astral.
else if (code > 55295 && code < 57344) {
const next = value.charCodeAt(index + 1) // A correct surrogate pair.
if (code < 56320 && next > 56319 && next < 57344) {
replace = String.fromCharCode(code, next)
skip = 1
} // Lone surrogate.
else {
replace = '\uFFFD'
}
} // Unicode.
else {
replace = String.fromCharCode(code)
}
if (replace) {
result.push(value.slice(start, index), encodeURIComponent(replace))
start = index + skip + 1
replace = ''
}
if (skip) {
index += skip
skip = 0
}
}
return result.join('') + value.slice(start)
}
Reference in New Issue View Git Blame Copy Permalink