Extend `isSafeURL` util to support unknown protocols
Proposal
Based on the feature requirements like these, we should extend the isSafeUrl
utility to allow unknown protocols except the potentially vulnerable protocols.
The list of potentially vulnerable protocols includes:
javascript:
data:
vbscript:
Security Improvement
This will help remove the usage of is-unsafe-link
attribute and provide a safer alternative for it.
Edited by Dheeraj Joshi