Closed dev-achalyash closed 2 years ago
👋 @dev-achalyash thanks for reaching out. On consideration of this feature, we're not going to accept it because we feel it opens the door to XSS vulnerabilities.
That said, we do agree that having the default as about:blank
to not be very helpful behavior, and we should change this to throw an error instead.
Pass an optional parameter in
sanitizeUrl
to pass a default url which can be returned instead of "about;blank" in case the url being sanitized has invalid protocols.This gives an option to redirect user to a default url, say homepage of the site instead of a blank page which would significantly affect UX.