feat: added an URL sanitizer

2026-02-22 17:55:42 +01:00
parent 509afa4c85
commit 145b3ea0a6
4 changed files with 23 additions and 1 deletions
--- a/src/main/shared/blogmark.ts
+++ b/src/main/shared/blogmark.ts
@@ -1,4 +1,5 @@
 import { z } from 'zod';
+import { sanitizeUrl } from '@braintree/sanitize-url';
 import { normalizeNonEmptyTaxonomyTerm } from '../engine/taxonomyUtils';

 const MAX_TITLE_LENGTH = 200;
@@ -42,9 +43,14 @@ function sanitizeHttpUrl(rawUrl: unknown): string | null {
    return null;
  }

+  const policySanitized = sanitizeUrl(trimmed);
+  if (policySanitized === 'about:blank') {
+    return null;
+  }
+
  let parsed: URL;
  try {
-    parsed = new URL(trimmed);
+    parsed = new URL(policySanitized);
  } catch {
    return null;
  }