diff --git a/.changeset/fair-scissors-march.md b/.changeset/fair-scissors-march.md new file mode 100644 index 000000000000..c1f812a692c9 --- /dev/null +++ b/.changeset/fair-scissors-march.md @@ -0,0 +1,5 @@ +--- +'@sveltejs/kit': patch +--- + +fix: better handling of data: and about: protocols diff --git a/packages/kit/src/runtime/client/utils.js b/packages/kit/src/runtime/client/utils.js index 6c324d1a769b..d7639bfeb6c3 100644 --- a/packages/kit/src/runtime/client/utils.js +++ b/packages/kit/src/runtime/client/utils.js @@ -312,6 +312,11 @@ export function create_updated_store() { * @param {boolean} hash_routing */ export function is_external_url(url, base, hash_routing) { + //about: and data: protocols are always internal urls + if (url.protocol === 'about:' || url.protocol === 'data:') { + return false; + } + if (url.origin !== origin || !url.pathname.startsWith(base)) { return true; } diff --git a/packages/kit/src/runtime/server/page/render.js b/packages/kit/src/runtime/server/page/render.js index 59d9229164dc..d08660e2fdf2 100644 --- a/packages/kit/src/runtime/server/page/render.js +++ b/packages/kit/src/runtime/server/page/render.js @@ -104,14 +104,15 @@ export async function render_response({ base = segments.map(() => '..').join('/') || '.'; // resolve e.g. '../..' against current location, then remove trailing slash - base_expression = `new URL(${s(base)}, location).pathname.slice(0, -1)`; + base_expression = `location.protocol === 'about:' || location.protocol === 'data:' ? new URL('#', location) : new URL(${s(base)}, location).pathname.slice(0, -1)`; if (!paths.assets || (paths.assets[0] === '/' && paths.assets !== SVELTE_KIT_ASSETS)) { assets = base; } } else if (options.hash_routing) { // we have to assume that we're in the right place - base_expression = "new URL('.', location).pathname.slice(0, -1)"; + base_expression = + "location.protocol === 'about:' || location.protocol === 'data:' ? new URL('#', location) : new URL('.', location).pathname.slice(0, -1)"; } }