browserclaw 0.3.1 → 0.3.2

package/dist/index.js

@@ -1387,7 +1387,20 @@ var InvalidBrowserNavigationUrlError = class extends Error {
 function withBrowserNavigationPolicy(ssrfPolicy) {
   return { ssrfPolicy };
 }
+var NETWORK_NAVIGATION_PROTOCOLS = /* @__PURE__ */ new Set(["http:", "https:"]);
+var SAFE_NON_NETWORK_URLS = /* @__PURE__ */ new Set(["about:blank"]);
 async function assertBrowserNavigationAllowed(opts) {
+  const rawUrl = String(opts.url ?? "").trim();
+  let parsed;
+  try {
+    parsed = new URL(rawUrl);
+  } catch {
+    throw new InvalidBrowserNavigationUrlError(`Invalid URL: "${rawUrl}"`);
+  }
+  if (!NETWORK_NAVIGATION_PROTOCOLS.has(parsed.protocol)) {
+    if (SAFE_NON_NETWORK_URLS.has(parsed.href)) return;
+    throw new InvalidBrowserNavigationUrlError(`Navigation blocked: unsupported protocol "${parsed.protocol}"`);
+  }
   const policy = opts.ssrfPolicy;
   if (policy?.allowPrivateNetwork) return;
   const allowedHostnames = [
@@ -1395,18 +1408,12 @@ async function assertBrowserNavigationAllowed(opts) {
     ...policy?.hostnameAllowlist ?? []
   ];
   if (allowedHostnames.length) {
-    let parsed;
-    try {
-      parsed = new URL(opts.url);
-    } catch {
-      throw new InvalidBrowserNavigationUrlError(`Invalid URL: "${opts.url}"`);
-    }
     const hostname = parsed.hostname.toLowerCase();
     if (allowedHostnames.some((h) => h.toLowerCase() === hostname)) return;
   }
-  if (await isInternalUrlResolved(opts.url, opts.lookupFn)) {
+  if (await isInternalUrlResolved(rawUrl, opts.lookupFn)) {
     throw new InvalidBrowserNavigationUrlError(
-      `Navigation to internal/loopback address blocked: "${opts.url}". Use ssrfPolicy: { allowPrivateNetwork: true } if this is intentional.`
+      `Navigation to internal/loopback address blocked: "${rawUrl}". Use ssrfPolicy: { allowPrivateNetwork: true } if this is intentional.`
     );
   }
 }