Skip to Content
⚠️Active Development Notice: TimeTiles is under active development. Information may be placeholder content or not up-to-date.
ReferenceAPI ReferenceLibraryUtilsURL Validation

web

web / lib/utils/url-validation

lib/utils/url-validation

URL validation utilities to prevent SSRF attacks.

Provides hostname-level checks against private/internal IP ranges without performing DNS resolution.

Functions

isPrivateUrl()

isPrivateUrl(url): boolean

Check whether a URL’s hostname points to a private/internal IP range.

This performs hostname pattern matching only (no DNS resolution) to guard against SSRF attacks. It catches the most common private ranges: 10.x, 172.16-31.x, 192.168.x, 127.x, 0.0.0.0, ::1, localhost, etc.

Parameters

url

string

The URL string to check.

Returns

boolean

true if the URL targets a private/internal address.

validateExternalHttpUrl()

validateExternalHttpUrl(urlString): { url: URL; } | { error: string; }

Validates that a string is a valid external HTTP(S) URL.

Rejects non-HTTP protocols and private/internal addresses (SSRF protection). Returns the parsed URL on success or an error message on failure.

Parameters

urlString

string

Returns

{ url: URL; } | { error: string; }

Last updated on
SlugUser Data