FriendsOfFlarum / socialprofile

Add custom social media pages to your user profile
MIT License

Detect XSS URL with its prefix #11

Closed supersonictw closed 3 years ago

supersonictw commented 3 years ago

Please merge this PR; it prevents malicious code from being executed and putting Flarum users at risk.

karaok491 commented 3 years ago

Hi, and thanks for the PR!

Whilst I think this is a very good call to block javascript: from being entered in these fields, I'd question whether this is the most sensible approach.

I think that validating the URL on save would make more sense here, rather than allowing it into the database in the first place.
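The "validate on save" approach suggested in this comment, written out as an added example that is not code from the socialprofile extension (the project's own server side is PHP; this JavaScript shows the same logic, and the function name isSafeProfileUrl and the sample values are assumed/constructed here). Instead of checking for a javascript: prefix, the value is parsed as an absolute URL and the scheme is compared against an allow-list, so anything that is not plain http or https is rejected before it reaches the database:

```javascript
// Added example, not part of the socialprofile project.
// Allow-list the URL scheme of a profile link: only http(s) links are stored.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

// Returns true only if `input` parses as an absolute URL whose scheme is
// allow-listed. The URL parser lowercases the scheme, so "HTTPS://" is
// handled the same as "https://"; a non-absolute value (no scheme) is rejected.
function isSafeProfileUrl(input) {
  let parsed;
  try {
    parsed = new URL(String(input).trim());
  } catch (e) {
    return false; // not an absolute URL at all
  }
  return ALLOWED_SCHEMES.has(parsed.protocol);
}

// Constructed sample values (hypothetical user input) for demonstration.
const SAMPLE_INPUTS = [
  'https://example.com/user',
  'http://example.com/',
  'javascript:void(0)',   // scheme not in the allow-list, rejected
  'example.com/user',     // no scheme, rejected (a caller could prepend https://)
  '',
];

// Classifies each sample so a reviewer can see what would be accepted on save.
function classify(values) {
  return values.map((value) => ({ value, safe: isSafeProfileUrl(value) }));
}

if (typeof require !== 'undefined' && require.main === module) {
  console.table(classify(SAMPLE_INPUTS));
}
```

The same check belongs in the server-side save handler, since a client-side check alone can be skipped by submitting the field directly; if the UI should still give immediate feedback, run it on both sides.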

supersonictw commented 3 years ago

I think that issue https://github.com/FriendsOfFlarum/socialprofile/issues/13 has already resolved this problem. I'm still learning the Flarum PHP API and am not yet proficient enough, so I modified the JavaScript instead. Thank you for your updates.