braintree / sanitize-url

MIT License

feat: add option to pass default url in case of invalid protocol #43

Closed dev-achalyash closed 2 years ago

dev-achalyash commented 2 years ago

Pass an optional parameter to sanitizeUrl with a default url which can be returned instead of "about:blank" in case the url being sanitized has an invalid protocol.

This gives an option to redirect the user to a default url, say the homepage of the site, instead of a blank page, which would significantly affect UX.

hollabaq86 commented 2 years ago

👋 @dev-achalyash thanks for reaching out. On consideration of this feature, we're not going to accept it because we feel it opens the door to XSS vulnerabilities.

That said, we do agree that having about:blank as the default is not very helpful behavior, and we should change this to throw an error instead.
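As an added illustration of the trade-off discussed in this issue (not code from the sanitize-url project or from either participant), the JavaScript below re-implements the three behaviours in play: the current about:blank fallback, the requested caller-supplied default used verbatim, and a variant that throws and also checks the fallback. `sanitizeUrl` here is a hypothetical stand-in for the library's function with a deliberately small scheme allow-list; `SAFE_SCHEMES`, `isSafeUrl`, `sanitizeUrlWithDefault`, `sanitizeUrlOrThrow`, `resolveRedirect` and the sample request parameters are names and data constructed for this example.

```javascript
// Added illustration for this thread; not the sanitize-url library's code.
// `sanitizeUrl` is a hypothetical re-implementation of the behaviour the issue
// describes; SAFE_SCHEMES, isSafeUrl, sanitizeUrlWithDefault, sanitizeUrlOrThrow
// and resolveRedirect are names chosen for this example.

const BLANK_URL = "about:blank";

// Allow-list of schemes a link may use. Anything else (javascript:, data:,
// vbscript:, ...) counts as an invalid protocol.
const SAFE_SCHEMES = new Set(["http", "https", "mailto", "tel", "ftp"]);

// Control characters and whitespace that browsers ignore inside a scheme, which
// is how "java\tscript:" or "java\u0000script:" slips past a naive prefix check.
const CTRL_AND_WS = /[\u0000-\u001F\u007F-\u009F\s]/g;
const SCHEME_RE = /^([a-z][a-z0-9+.-]*):/i;

function isSafeUrl(raw) {
  if (typeof raw !== "string") return false;
  const cleaned = raw.replace(CTRL_AND_WS, "");
  if (cleaned === "") return false;
  const match = SCHEME_RE.exec(cleaned);
  if (match === null) return true; // relative URL such as "/profile" or "#top"
  return SAFE_SCHEMES.has(match[1].toLowerCase());
}

// Behaviour the issue starts from: an invalid protocol becomes about:blank.
function sanitizeUrl(raw) {
  return isSafeUrl(raw) ? raw.trim() : BLANK_URL;
}

// The requested feature as literally described: return a caller-supplied default
// instead of about:blank. The default is used verbatim, so the sanitizer is now
// only as safe as whoever controls `defaultUrl`; if that value comes from a query
// parameter or stored user data, an attacker can put javascript: straight back in.
function sanitizeUrlWithDefault(raw, defaultUrl) {
  return isSafeUrl(raw) ? raw.trim() : defaultUrl;
}

// Hardened alternative in the direction the maintainer suggests: an invalid
// protocol throws instead of silently yielding a blank page, and any fallback
// the caller supplies must pass the same scheme check as the input.
function sanitizeUrlOrThrow(raw, defaultUrl) {
  if (isSafeUrl(raw)) return raw.trim();
  if (defaultUrl === undefined) {
    throw new TypeError("sanitizeUrlOrThrow: URL has an invalid protocol");
  }
  if (!isSafeUrl(defaultUrl)) {
    throw new TypeError("sanitizeUrlOrThrow: defaultUrl has an invalid protocol");
  }
  return defaultUrl.trim();
}

// Constructed scenario: a post-login redirect where both the target and the
// fallback are taken from the request. With sanitizeUrlWithDefault the
// attacker-controlled fallback is returned as-is; sanitizeUrlOrThrow rejects it.
function resolveRedirect(params, strategy) {
  return strategy(params.next, params.fallback);
}

// Constructed attacker request: both parameters carry a javascript: URL.
const attackerParams = {
  next: "javascript:alert(1)",
  fallback: "javascript:alert(document.cookie)",
};

console.log(resolveRedirect(attackerParams, sanitizeUrlWithDefault)); // fallback passes through untouched
try {
  resolveRedirect(attackerParams, sanitizeUrlOrThrow);
} catch (err) {
  console.log(err.message);
}
```

The scheme check is intentionally minimal (no HTML-entity decoding, no per-scheme validation) because the point of the thread is the fallback handling, not the parser: whatever the caller passes as a default must go through the same gate as the input, or the library's guarantee collapses to "trust the caller".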