The previous URL checks are trivial to bypass (e.g. by changing the casing).
For any kind of URL validation, avoid string comparisons. It’s safer to use new URL(string) and rely on the URL API’s functionality. This guarantees you’re dealing with a normalized URL object.
The previous URL checks are trivial to bypass (e.g. by changing the casing).
For any kind of URL validation, avoid string comparisons. It’s safer to use
new URL(string)
and rely on the URL API’s functionality. This guarantees you’re dealing with a normalized URL object.