Skip to content

Commit

Permalink
Throw a friendly error on view-source: input (#124)
Browse files Browse the repository at this point in the history
  • Loading branch information
iakgoog authored Oct 11, 2020
1 parent fe36714 commit ddf2584
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 0 deletions.
4 changes: 4 additions & 0 deletions index.js
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,10 @@ const normalizeUrl = (urlString, options) => {
return normalizeDataURL(urlString, options);
}

if (/^view-source:/i.test(urlString)) {
throw new Error('`view-source:` is not supported as it is a non-standard protocol');
}

const hasRelativeProtocol = urlString.startsWith('//');
const isRelativeUrl = !hasRelativeProtocol && /^\.*\//.test(urlString);

Expand Down
6 changes: 6 additions & 0 deletions test.js
Original file line number Diff line number Diff line change
Expand Up @@ -314,3 +314,9 @@ test('prevents homograph attack', t => {
// The input string uses Unicode to make it look like a valid `ebay.com` URL.
t.is(normalizeUrl('https://ebаy.com'), 'https://xn--eby-7cd.com');
});

test('view-source URL', t => {
t.throws(() => {
normalizeUrl('view-source:https://www.sindresorhus.com');
}, '`view-source:` is not supported as it is a non-standard protocol');
});

0 comments on commit ddf2584

Please sign in to comment.