Potential fix for code scanning alert no. 3: Incomplete URL scheme check

[Work90210]

Potential fix for https://github.com/Work90210/APIFold/security/code-scanning/3

In general, the problem is fixed by extending the URL scheme check so that it treats data: and vbscript: schemes as invalid in the same way as javascript:. This keeps the test’s semantics (“flag unsafe/invalid hrefs”) while covering all common executable URL schemes that can hide script execution.

Concretely, in e2e/tests/landing/navigation.spec.ts, within the test("all anchor links on the page have valid hrefs", ...), update the conditional on line 105 to also check for href values starting with "data:" and "vbscript:". To keep behavior consistent and simple, we can add them directly into the existing if condition using additional || clauses. No imports or helper methods are needed; we just extend the inline startsWith check.

The only change required is:

• In the loop that builds invalidLinks, change:

if (!href || href === "#" || href.startsWith("javascript:")) {

to:

if (
  !href ||
  href === "#" ||
  href.startsWith("javascript:") ||
  href.startsWith("data:") ||
  href.startsWith("vbscript:")
) {

This preserves the existing behavior and test expectations while closing the gap highlighted by CodeQL.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

[coderabbitai]

Warning

Rate limit exceeded

@Work90210 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 0 minutes and 26 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 05acd34f-f447-4f8a-8680-79d5fa346dc6

📥 Commits

Reviewing files that changed from the base of the PR and between bfef7dd and 0a2daf6.

📒 Files selected for processing (1)

• e2e/tests/landing/navigation.spec.ts

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch alert-autofix-3

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Coverage Report for packages/transformer

Status	Category	Percentage	Covered / Total
🔵	Lines	96.34% (🎯 80%)	607 / 630
🔵	Statements	96.34% (🎯 80%)	607 / 630
🔵	Functions	97.36% (🎯 80%)	37 / 38
🔵	Branches	94.86% (🎯 80%)	240 / 253

File Coverage

No changed files found.

Generated in workflow #206 for commit 0a2daf6 by the Vitest Coverage Report Action