(projectId: string)
| 6 | * (e.g. `#`, `/`, `@`), preventing SSRF via fragment injection. |
| 7 | */ |
| 8 | export function supabaseBaseUrl(projectId: string): string { |
| 9 | const result = validateSupabaseProjectId(projectId) |
| 10 | if (!result.isValid) { |
| 11 | throw new Error(result.error) |
| 12 | } |
| 13 | return `https://${result.sanitized}.supabase.co` |
| 14 | } |
no test coverage detected