From ddf2584bf41487be25ffb21b810b792a078588f4 Mon Sep 17 00:00:00 2001
From: Sutthinart Khunvadhana
Date: Sun, 11 Oct 2020 23:03:00 +0700
Subject: [PATCH] Throw a friendly error on `view-source:` input (#124)

---
 index.js | 4 ++++
 test.js | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/index.js b/index.js
index e370d25..a746086 100644
--- index.js
+++ b/index.js
@@ -83,6 +83,10 @@ const normalizeUrl = (urlString, options) => {
 return normalizeDataURL(urlString, options);
 }
 
+ if (/^view-source:/i.test(urlString)) {
+ throw new Error('`view-source:` is not supported as it is a non-standard protocol');
+ }
+
 const hasRelativeProtocol = urlString.startsWith('//');
 const isRelativeUrl = !hasRelativeProtocol && /^\.*\//.test(urlString);
 
diff --git a/test.js b/test.js
index df1b392..5f2e54b 100644
--- test.js
+++ b/test.js
@@ -314,3 +314,9 @@ test('prevents homograph attack', t => {
 // The input string uses Unicode to make it look like a valid `ebay.com` URL.
 t.is(normalizeUrl('https://ebаy.com'), 'https://xn--eby-7cd.com');
 });
+
+test('view-source URL', t => {
+ t.throws(() => {
+ normalizeUrl('view-source:https://www.sindresorhus.com');
+ }, '`view-source:` is not supported as it is a non-standard protocol');
+});
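Review bot: The new guard in `normalizeUrl` only matches `view-source:` at position 0 of `urlString`, so it relies on the input having been trimmed before this point; that trimming is not visible in the hunk and should be confirmed, since URL parsers ignore leading whitespace. The check is also a single-scheme denylist, so callers that pass untrusted input should still validate the scheme of the result themselves rather than read this as scheme filtering. I would put a comment above the `if`, for example `// view-source: is a non-standard scheme; fail early with a clear message. This is not a general scheme filter.`, and mention the new throw in the function's documentation. The body of `normalizeUrl` starts and ends outside the hunk.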
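Review bot: The bare string passed as the second argument to `t.throws` in the new `view-source URL` test may not pin the error message: depending on the test runner's version, a string there is taken as the assertion's own label, not as the expected message, and the test would then pass for any exception, including one thrown later by the URL parser. If the runner supports expectation objects, `}, {message: '`view-source:` is not supported as it is a non-standard protocol'});` makes the intent explicit. Since the guard's regex is case-insensitive, a second input such as `'VIEW-SOURCE:https://www.sindresorhus.com'` would cover the `i` flag as well.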