Check whether a URL contains a dangerous scheme (javascript:, data:, vbscript:).
Before testing, the value is stripped of all whitespace and control
characters (U+0000-U+001F, U+007F-U+009F) to defeat evasion techniques
such as "java\nscript:" or "java\x00script:" that exploit browser
whitespace tolerance in URL parsing.
Parameters
value: string
The URL string to check.
Returns boolean
true if the URL uses a dangerous scheme and should be blocked.
Check whether a URL contains a dangerous scheme (
javascript:,data:,vbscript:).Before testing, the value is stripped of all whitespace and control characters (U+0000-U+001F, U+007F-U+009F) to defeat evasion techniques such as
"java\nscript:"or"java\x00script:"that exploit browser whitespace tolerance in URL parsing.