validateKref function

void validateKref(
  1. String uri
)

Validates a Kref URI for security and correctness.

Checks for:

  • Proper kref:// scheme
  • No path traversal patterns (..)
  • No control characters
  • Valid path segment format

Throws a KrefValidationError if the URI is invalid.

try {
  validateKref('kref://project/space/item.kind?r=1');
} on KrefValidationError catch (e) {
  print('Invalid kref: $e');
}

Implementation

void validateKref(String uri) {
  if (uri.contains('..')) {
    throw KrefValidationError(
      "Invalid kref URI '$uri': path traversal (..) not allowed",
    );
  }

  // Check for control characters
  for (var i = 0; i < uri.length; i++) {
    final code = uri.codeUnitAt(i);
    if (code < 32 || code == 127) {
      throw KrefValidationError(
        "Invalid kref URI '$uri': control characters not allowed",
      );
    }
  }

  if (!_krefPattern.hasMatch(uri)) {
    throw KrefValidationError(
      "Invalid kref URI '$uri': must be format kref://project/space/item.kind",
    );
  }
}