react Architecture Docs
Home / File/ sanitizeURL.js — react Source File

sanitizeURL.js — react Source File

Architecture documentation for sanitizeURL.js, a javascript file in the react codebase. 0 imports, 2 dependents.

File javascript BabelCompiler 2 dependents

Entity Profile

Dependency Diagram

graph LR
  1e24d3b3_4911_63a7_818c_27303e3dfc71["sanitizeURL.js"]
  1e990658_7cea_75be_1f24_2399bdf9f15b["ReactDOMComponent.js"]
  1e990658_7cea_75be_1f24_2399bdf9f15b --> 1e24d3b3_4911_63a7_818c_27303e3dfc71
  4ae326e8_2c2e_2843_d5a5_16edbddd103a["ReactFizzConfigDOM.js"]
  4ae326e8_2c2e_2843_d5a5_16edbddd103a --> 1e24d3b3_4911_63a7_818c_27303e3dfc71
  style 1e24d3b3_4911_63a7_818c_27303e3dfc71 fill:#6366f1,stroke:#818cf8,color:#fff

Relationship Graph

Source Code

/**
 * Copyright (c) Meta Platforms, Inc. and affiliates.
 *
 * This source code is licensed under the MIT license found in the
 * LICENSE file in the root directory of this source tree.
 *
 * @flow
 */

// A javascript: URL can contain leading C0 control or \u0020 SPACE,
// and any newline or tab are filtered out as if they're not part of the URL.
// https://url.spec.whatwg.org/#url-parsing
// Tab or newline are defined as \r\n\t:
// https://infra.spec.whatwg.org/#ascii-tab-or-newline
// A C0 control is a code point in the range \u0000 NULL to \u001F
// INFORMATION SEPARATOR ONE, inclusive:
// https://infra.spec.whatwg.org/#c0-control-or-space

const isJavaScriptProtocol =
  /^[\u0000-\u001F ]*j[\r\n\t]*a[\r\n\t]*v[\r\n\t]*a[\r\n\t]*s[\r\n\t]*c[\r\n\t]*r[\r\n\t]*i[\r\n\t]*p[\r\n\t]*t[\r\n\t]*\:/i;

function sanitizeURL<T>(url: T): T | string {
  // We should never have symbols here because they get filtered out elsewhere.
  // eslint-disable-next-line react-internal/safe-string-coercion
  if (isJavaScriptProtocol.test('' + (url: any))) {
    // Return a different javascript: url that doesn't cause any side-effects and just
    // throws if ever visited.
    // eslint-disable-next-line no-script-url
    return "javascript:throw new Error('React has blocked a javascript: URL as a security precaution.')";
  }
  return url;
}

export default sanitizeURL;

Domain

Imported By

Source

Frequently Asked Questions

What does sanitizeURL.js do?
sanitizeURL.js is a source file in the react codebase, written in javascript. It belongs to the BabelCompiler domain.
What files import sanitizeURL.js?
sanitizeURL.js is imported by 2 file(s): ReactDOMComponent.js, ReactFizzConfigDOM.js.
Where is sanitizeURL.js in the architecture?
sanitizeURL.js is located at packages/react-dom-bindings/src/shared/sanitizeURL.js (domain: BabelCompiler, directory: packages/react-dom-bindings/src/shared).

Analyze Your Own Codebase

Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.

Try Supermodel Free