Skip to content

Commit

Permalink
docs: add documentation about pottentially trustworthy
Browse files Browse the repository at this point in the history
  • Loading branch information
metcoder95 committed Mar 1, 2022
1 parent 25d0068 commit 16c842c
Showing 1 changed file with 9 additions and 1 deletion.
10 changes: 9 additions & 1 deletion lib/fetch/util.js
Original file line number Diff line number Diff line change
Expand Up @@ -403,33 +403,41 @@ function isURLPotentiallyTrustworthy (url) {
return false
}

// If child of about, return true
if (url.href === 'about:blank' || url.href === 'about:srcdoc') {
return true
}

// If scheme is data, return true
if (url.protocol === 'data:') return true

return isOriginPotentiallyTrustworthy(url.origin)

function isOriginPotentiallyTrustworthy(origin) {
function isOriginPotentiallyTrustworthy (origin) {
// If origin is explicitly null, return false
if (origin == null || origin === 'null') return false

let originAsURL

// If not valid because not semantically correct, return false
try { originAsURL = new URL(origin) } catch (e) { return false }

// If secure, return true
if (originAsURL.protocol === 'https:' || originAsURL.protocol === 'wss:') {
return true
}

// If localhost or variants, return true
if (/^127(?:\.[0-9]+){0,2}\.[0-9]+$|^(?:0*:)*?:?0*1$/.test(originAsURL.hostname) ||
(originAsURL.hostname === 'localhost' || originAsURL.hostname.includes('localhost.')) ||
(originAsURL.hostname.endsWith('.localhost'))) {
return true
}

// If file, return true
if (originAsURL.protocol === 'file:') return true

// If any other, return false
return false
}
}
Expand Down

0 comments on commit 16c842c

Please sign in to comment.