validate url to prevent xss

[gtsp233]

Fix for Cross-Site Scripting (XSS) Vulnerability

I've identified a Cross-Site Scripting (XSS) vulnerability in package @mtbird/helper-extension

Vulnerability Details:

• Severity: High/Critical
• Description: There's a risk of malicious script execution when the url is controlled by an adversary.

POC:
In a React.js project:

import { helpers } from "@mtbird/helper-extension";
helpers.generateEventHandler({}, { link: "link", href: "javascript:alert(1)" });

Then the malicious code alert(1) will be executed.

Suggested Fix or Mitigation:
It is best practice for a helper function to ensure security by sanitizing the URL before passing it to window.open. React.js and many popular libraries such as react-router-dom and Next.js also ensure URL safety to prevent XSS. For instance, React.js issues warnings about URLs starting with javascript: and is planning to block these in future versions, as indicated in facebook/react#15047.

I've already fixed and tested this issue, and have submitted a pull request with the necessary changes. Please review and merge my pull request to resolve this vulnerability. Thanks!

[CLAassistant]

All committers have signed the CLA.