Feature: Allow disabling of @lexical/link href sanitization
There are valid use cases for less common protocols and they should be easy to enable for use cases where that is necessary and not foolish from a security standpoint. I think ideally it would accept a custom validation function.
Yes, true, I did think about this and figured we would have to consider improving the configurability API at some point in the future. However, it's totally possible now in much the same way that you would customize any other node behavior. Simply override the node with your own node and implement the sanitizeUrl function however you want. If you want, it can be:
sanitizeUrl(url: string): string {
  return url;
}
The problem is that you can (and people do) use LinkNode without using LinkPlugin or any of the other abstraction layers, which means...where would you pass in the validation function? I guess you could pass it into the constructor, but that'd be a first for us, AFAIK.
Currently, if I do this in sanitizeUrl:
export function sanitizeUrl(url: string): string {
  return url; // DIRECTLY return!
  ....
}
The result will still be https:// even if I entered something like #footer.
I guess there is some hidden logic?
The link will be updated a couple of times even after I directly returned url in sanitizeUrl.
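As an added example (not code from this thread or from Lexical): instead of an override that returns every URL unchanged, a sanitizeUrl override on a custom link node could delegate to an allow-list validator that admits only the extra protocols a deployment needs. `makeUrlSanitizer`, the default protocol list, the `matrix:` sample and the dummy base are assumptions made for this sketch.

```typescript
// Added example; every name below is hypothetical and not part of @lexical/link.
type UrlSanitizer = (url: string) => string;

const BLOCKED_URL = 'about:blank';
// Assumed baseline allow-list for this sketch.
const DEFAULT_PROTOCOLS = ['http:', 'https:', 'mailto:', 'tel:'];
// Dummy base, used only to check that a relative reference resolves at all.
const DUMMY_BASE = 'https://base.invalid/';

function makeUrlSanitizer(extraProtocols: string[] = []): UrlSanitizer {
  const allowed = new Set(
    [...DEFAULT_PROTOCOLS, ...extraProtocols].map((p) => p.toLowerCase()),
  );
  return (url: string): string => {
    let protocol: string;
    try {
      // Absolute URL. The WHATWG parser strips leading whitespace and
      // embedded tabs/newlines and lowercases the scheme, so inputs such as
      // " JaVa\tScRiPt:..." are still recognised as "javascript:".
      protocol = new URL(url).protocol;
    } catch {
      // Not an absolute URL: keep it only if it resolves as a relative
      // reference (for example "#footer" or "/docs").
      try {
        new URL(url, DUMMY_BASE);
        return url;
      } catch {
        return BLOCKED_URL;
      }
    }
    // Anything outside the allow-list is replaced, never passed through.
    return allowed.has(protocol) ? url : BLOCKED_URL;
  };
}

// Constructed sample inputs.
const sanitizeWithMatrix = makeUrlSanitizer(['matrix:']);
console.log(sanitizeWithMatrix('matrix:r/room:example.org'));
console.log(sanitizeWithMatrix('javascript:alert(1)'));
console.log(sanitizeWithMatrix('#footer'));
```
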