pl-fe: upgrade lexical code from upstream

Signed-off-by: mkljczk <git@mkljczk.pl>
2025-03-06 15:43:59 +01:00
parent 10cd57d3da
commit 215eb39a8c
1 changed files with 18 additions and 13 deletions
--- a/packages/pl-fe/src/features/compose/editor/utils/url.ts
+++ b/packages/pl-fe/src/features/compose/editor/utils/url.ts
@ -4,20 +4,25 @@
 * LICENSE file in the /src/features/compose/editor directory.
 */

+const SUPPORTED_URL_PROTOCOLS = new Set([
+  'http:',
+  'https:',
+  'mailto:',
+  'sms:',
+  'tel:',
+]);
+
 export const sanitizeUrl = (url: string): string => {
-  /** A pattern that matches safe  URLs. */
-  const SAFE_URL_PATTERN =
-    /^(?:(?:https?|mailto|ftp|tel|file|sms):|[^&:/?#]*(?:[/?#]|$))/gi;
-
-  /** A pattern that matches safe data URLs. */
-  const DATA_URL_PATTERN =
-    /^data:(?:image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp)|video\/(?:mpeg|mp4|ogg|webm)|audio\/(?:mp3|oga|ogg|opus));base64,[a-z0-9+/]+=*$/i;
-
-  url = String(url).trim();
-
-  if (url.match(SAFE_URL_PATTERN) || url.match(DATA_URL_PATTERN)) return url;
-
-  return 'https://';
+  try {
+    const parsedUrl = new URL(url);
+    // eslint-disable-next-line no-script-url
+    if (!SUPPORTED_URL_PROTOCOLS.has(parsedUrl.protocol)) {
+      return 'about:blank';
+    }
+  } catch {
+    return url;
+  }
+  return url;
 };

 // Source: https://stackoverflow.com/a/8234912/2013580