mixin

UrlSanitizer

@Js
const mixin UrlSanitizer

Sanitizes URIs for img and a elements by whitelisting protocols. This is intended to prevent XSS payloads like:

[Click this totally safe url](javascript:document.xss=true;)

Implementation based on https://github.com/OWASP/java-html-sanitizer/blob/f07e44b034a45d94d6fd010279073c38b6933072/src/main/java/org/owasp/html/FilterUrlByProtocolAttributePolicy.java

methods

sanitizeImage

Sanitize a URL for use in the src attribute of an Image

sanitizeLink

Sanitize a URL for use in the href attribute of a Link

sanitizeImage

virtual Str sanitizeImage(Str url)

Sanitize a URL for use in the src attribute of an Image

sanitizeLink

abstract Str sanitizeLink(Str url)

Sanitize a URL for use in the href attribute of a Link
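
An added example, not Haxall's or OWASP's code: a JavaScript sketch of protocol allowlisting in the style of the linked OWASP policy, checked against the payload shown above. The allowlists, the null reject value, the helper name filterUrlByProtocol and the whitespace normalisation step are assumptions; this page does not specify them.

```javascript
// Added illustration; assumptions are marked. Not the Haxall implementation.
// Assumed allowlists: the page does not list which protocols it accepts.
const LINK_PROTOCOLS = new Set(["http", "https", "mailto"]);
const IMAGE_PROTOCOLS = new Set(["http", "https"]);

// Returns the (normalised) URL when its scheme is allowlisted or when it has
// no scheme at all (a relative reference). Returns null otherwise; null as
// the reject value is an assumption.
function filterUrlByProtocol(url, allowed) {
  // Browsers strip leading/trailing C0 controls and spaces, and drop tab, CR
  // and LF anywhere in the input, before parsing a URL. Normalise the same
  // way so "java\tscript:" is judged as the browser will see it.
  const s = String(url)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\r\n]/g, "");
  for (let i = 0; i < s.length; i++) {
    const c = s[i];
    // A path, query or fragment delimiter before any ':' means no scheme.
    if (c === "/" || c === "?" || c === "#") break;
    if (c === ":") {
      const scheme = s.slice(0, i).toLowerCase();
      if (!allowed.has(scheme)) return null;
      break;
    }
  }
  return s;
}

// Stand-ins named after the mixin's two methods.
function sanitizeLink(url) {
  return filterUrlByProtocol(url, LINK_PROTOCOLS);
}

function sanitizeImage(url) {
  return filterUrlByProtocol(url, IMAGE_PROTOCOLS);
}
```

Relative references such as /docs/page?ref=a:b pass through because the scan stops at the first /, ? or # and never treats the later colon as a scheme delimiter.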

Haxall 4.0.5 ∙ 24-Feb-2026 14:33 EST