Fix code scanning alert no. 1: Incomplete URL scheme check

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
MetaMask · Oct 8, 2024 · 0f3c1a6 · 0f3c1a6
1 parent 7e8f3cb
commit 0f3c1a6
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/index.ts b/src/index.ts
@@ -87,7 +87,7 @@ function setupOpenSelfInNewTabLink() {
  */
 function isValidSuspectHref(href: string) {
   /* eslint-disable-next-line */
-  const disallowedProtocols = ['javascript:'];
+  const disallowedProtocols = ['javascript:', 'data:', 'vbscript:'];
   const parsedSuspectHref = new URL(href);
 
   return disallowedProtocols.indexOf(parsedSuspectHref.protocol) < 0;