|
84 | 84 | import {unreachable} from 'devlop' |
85 | 85 | import {toJsxRuntime} from 'hast-util-to-jsx-runtime' |
86 | 86 | import {urlAttributes} from 'html-url-attributes' |
87 | | -import {sanitizeUri} from 'micromark-util-sanitize-uri' |
88 | 87 | // @ts-expect-error: untyped. |
89 | 88 | import {Fragment, jsx, jsxs} from 'react/jsx-runtime' |
90 | 89 | import remarkParse from 'remark-parse' |
@@ -297,5 +296,26 @@ export function Markdown(options) { |
297 | 296 | * Safe URL. |
298 | 297 | */ |
299 | 298 | export function defaultUrlTransform(value) { |
300 | | - return sanitizeUri(value, safeProtocol) |
| 299 | + // Same as: |
| 300 | + // <https://github.com/micromark/micromark/blob/929275e/packages/micromark-util-sanitize-uri/dev/index.js#L34> |
| 301 | + // But without the `encode` part. |
| 302 | + const colon = value.indexOf(':') |
| 303 | + const questionMark = value.indexOf('?') |
| 304 | + const numberSign = value.indexOf('#') |
| 305 | + const slash = value.indexOf('/') |
| 306 | + |
| 307 | + if ( |
| 308 | + // If there is no protocol, it’s relative. |
| 309 | + colon < 0 || |
| 310 | + // If the first colon is after a `?`, `#`, or `/`, it’s not a protocol. |
| 311 | + (slash > -1 && colon > slash) || |
| 312 | + (questionMark > -1 && colon > questionMark) || |
| 313 | + (numberSign > -1 && colon > numberSign) || |
| 314 | + // It is a protocol, it should be allowed. |
| 315 | + safeProtocol.test(value.slice(0, colon)) |
| 316 | + ) { |
| 317 | + return value |
| 318 | + } |
| 319 | + |
| 320 | + return '' |
301 | 321 | } |
0 commit comments