@mintlify/common
Version:
Commonly shared code within Mintlify
36 lines (35 loc) • 1 kB
JavaScript
const LOOPBACK_HOSTS = ['localhost', '127.0.0.1', '[::1]'];
const DANGEROUS_PROTOCOLS = new Set([
'javascript:',
'data:',
'vbscript:',
'file:',
'about:',
'blob:',
]);
export function isAllowedRedirectUri(uri, allowedDomains) {
try {
const parsed = new URL(uri);
if (DANGEROUS_PROTOCOLS.has(parsed.protocol)) {
return false;
}
if (LOOPBACK_HOSTS.includes(parsed.hostname)) {
return true;
}
return allowedDomains.some((entry) => {
if (entry.includes('://')) {
try {
const allowed = new URL(entry);
return parsed.protocol === allowed.protocol && parsed.hostname === allowed.hostname;
}
catch (_a) {
return false;
}
}
return parsed.protocol === 'https:' && parsed.hostname === entry;
});
}
catch (_a) {
return false;
}
}