Closed george-norris-salesforce closed 5 years ago
Can you give more context (and docs) on the http://Payload:
protocol? I'm familiar with data:
and resource:
, but payload:
is a new one to me.
Closing. Ended up using valid-url package to test for valid url stings
var d =
http://Payload: "><object data='data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMSk+'>
; sanitizeUrl(d); Would be nice if this resolved to about:blank too