Skip to content

Commit 76f5073

Browse files
committed
fix: validate correctly protocol relative urls
1 parent a904c5e commit 76f5073

1 file changed

Lines changed: 3 additions & 2 deletions

File tree

packages/base/src/validateThemeRoot.ts

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -31,15 +31,16 @@ const validateThemeRoot = (themeRoot: string) => {
3131
let isSameOrigin = false;
3232

3333
try {
34-
if (themeRoot.startsWith(".") || themeRoot.startsWith("/")) {
34+
if (themeRoot.startsWith(".") || (themeRoot.startsWith("/") && !themeRoot.startsWith("//"))) {
3535
// Handle relative url
3636
// new URL("/newExmPath", "http://example.com/exmPath") => http://example.com/newExmPath
3737
// new URL("./newExmPath", "http://example.com/exmPath") => http://example.com/exmPath/newExmPath
3838
// new URL("../newExmPath", "http://example.com/exmPath") => http://example.com/newExmPath
3939
resultUrl = new URL(themeRoot, getLocationHref()).toString();
4040
isSameOrigin = true;
4141
} else {
42-
const themeRootURL = new URL(themeRoot);
42+
// Protocol-relative URLs (//host/path) need a base to resolve the protocol
43+
const themeRootURL = themeRoot.startsWith("//") ? new URL(themeRoot, getLocationHref()) : new URL(themeRoot);
4344
const origin = themeRootURL.origin;
4445
const currentOrigin = new URL(getLocationHref()).origin;
4546

0 commit comments

Comments
 (0)