Function: validateHttpUrlCandidate()

validateHttpUrlCandidate(rawUrl: unknown, options?: { disallowAuth?: boolean; maxBytes?: number; }): HttpUrlValidationResult

Defined in: shared/utils/urlSafety.ts:163

Validates and normalizes a URL intended to be used as an HTTP(S) endpoint.

Parameters

rawUrl

unknown

options?

disallowAuth?

boolean

When true, reject https://user:pass@host style credentials.

Default Value

true;

maxBytes?

number

Maximum UTF-8 byte budget accepted for the URL string.

Returns

HttpUrlValidationResult

Remarks

Unlike validateExternalOpenUrlCandidate, this helper rejects all non-HTTP(S) schemes (including mailto:) and is tuned for places where the application expects to fetch or monitor a web endpoint.

This is primarily used at IPC trust boundaries to ensure consistent enforcement of:

Trimming and empty-string handling
UTF-8 byte budgets (defense-in-depth against oversized payloads)
Newline/control-character rejection (CRLF injection protection)
Validator.js URL semantics via isValidUrl

Parameters​

rawUrl​

options?​

disallowAuth?​

maxBytes?​

Returns​

Remarks​