Function: isAllowedExternalOpenUrl()

isAllowedExternalOpenUrl(rawUrl: string): boolean

Defined in: shared/utils/urlSafety.ts:309

Returns true when a URL is safe to open via shell.openExternal.

Parameters

rawUrl

string

Returns

boolean

Remarks

Intentionally strict:

• Allows only http:, https:, and mailto:.
• Rejects credentials (username/password).
• Rejects CR/LF characters to prevent URL injection tricks.

This should be used on both sides of IPC (renderer + main) as defense in depth.