迁移聊天消息安全工具

2026-04-25 19:27:39 +08:00
parent 891e18e83f
commit 4cdcaa537f
4 changed files with 125 additions and 63 deletions
@@ -27,3 +27,28 @@ export function escapeHtml(value) {
 export function escapeHtmlWithLineBreaks(value) {
    return escapeHtml(value).replace(/\n/g, "<br>");
 }
+
+/**
+ * 规整广播携带的链接，只允许当前站点的 http(s) 地址进入 innerHTML。
+ *
+ * @param {string|null|undefined} url 原始链接
+ * @param {string} fallback 回退链接
+ * @returns {string}
+ */
+export function normalizeSafeChatUrl(url, fallback) {
+    try {
+        const parsedUrl = new URL(url || fallback, window.location.origin);
+
+        if (!["http:", "https:"].includes(parsedUrl.protocol)) {
+            return fallback;
+        }
+
+        if (parsedUrl.origin !== window.location.origin) {
+            return fallback;
+        }
+
+        return parsedUrl.toString();
+    } catch (error) {
+        return fallback;
+    }
+}