sanitizeLogoUrl static method

String? sanitizeLogoUrl(String? raw)

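Sanitizes a branding logo URL. Only the http and https schemes are allowed, and an http URL is rewritten to https. Relative paths are resolved against the customer-assets bucket (https). Any other scheme (javascript:, data:, file:, …) is rejected and the method returns null, as it does for null or empty input.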

Implementation

static String? sanitizeLogoUrl(String? raw) {
  if (raw == null) return null;
  final clean = raw.trim();
  if (clean.isEmpty) return null;

  final uri = Uri.tryParse(clean);
  if (uri == null) return null;

  if (uri.hasScheme) {
    final scheme = uri.scheme.toLowerCase();
    if (scheme == 'https') return clean;
    if (scheme == 'http') {
      // Prefer HTTPS: convert http:// to https:// to increase chance of
      // successful loading on modern platforms (cleartext may be blocked).
      return clean.replaceFirst(RegExp(r'^http:', caseSensitive: false), 'https:');
    }
    return null;
  }

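  // No scheme: treat the value as a path inside the customer-assets bucket.
  // Leading slashes are stripped so the base URL and the path join with a
  // single '/'.
  final relative = clean.replaceFirst(RegExp(r'^/+'), '');
  return '$_customerAssetsBaseUrl/$relative';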
}
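
The method above checks only the scheme. A stricter variant follows as an added example, not the project's code: it goes beyond the page by also requiring a host on absolute URLs, rejecting embedded credentials and protocol-relative input, and refusing dot segments in relative paths. `sanitizeLogoUrlStrict` and `assetsBase` are hypothetical names, and the base URL and sample inputs are constructed placeholders.

```dart
// Constructed placeholder standing in for the private _customerAssetsBaseUrl.
const assetsBase = 'https://assets.example.invalid/customer-assets';

/// Hypothetical stricter variant of sanitizeLogoUrl (added example).
String? sanitizeLogoUrlStrict(String? raw) {
  final clean = raw?.trim() ?? '';
  if (clean.isEmpty) return null;
  final uri = Uri.tryParse(clean);
  if (uri == null) return null;

  if (uri.hasScheme) {
    // Uri.scheme is already lower-cased by the parser.
    if (uri.scheme != 'https' && uri.scheme != 'http') return null;
    // Reject host-less forms such as "https:logo.png" and embedded credentials.
    if (uri.host.isEmpty || uri.userInfo.isNotEmpty) return null;
    // Rebuild from the parsed URI instead of editing the raw string.
    return uri.replace(scheme: 'https').toString();
  }

  // Protocol-relative input ("//host/path") names another host: reject it.
  if (uri.hasAuthority) return null;

  // Relative input: use only the path (query and fragment are dropped) and
  // refuse any dot segment that survives parsing, so the result stays under
  // the assets prefix.
  final segments = uri.pathSegments.where((s) => s.isNotEmpty).toList();
  if (segments.isEmpty || segments.any((s) => s == '.' || s == '..')) {
    return null;
  }
  return '$assetsBase/${segments.map(Uri.encodeComponent).join('/')}';
}

void main() {
  // Constructed inputs covering each branch.
  const samples = [
    'http://cdn.example.invalid/logo.png',
    'https:logo.png',
    '//other.example.invalid/logo.png',
    '../private/key.pem',
    '/logos/acme.png',
    'javascript:alert(1)',
  ];
  for (final s in samples) {
    print('${s.padRight(40)} -> ${sanitizeLogoUrlStrict(s)}');
  }
}
```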