From 565ac2cb53be18b4efe2bd8d5c8b901a7bae7af9 Mon Sep 17 00:00:00 2001
From: Prospector <6166773+Prospector@users.noreply.github.com>
Date: Mon, 4 May 2026 02:47:15 -0700
Subject: [PATCH] fix: error when invalid iframe in markdown (#5985)

---
 packages/utils/parse.ts | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/packages/utils/parse.ts b/packages/utils/parse.ts
index fcf8b9d61..9ba3252ab 100644
--- a/packages/utils/parse.ts
+++ b/packages/utils/parse.ts
@@ -49,23 +49,25 @@ export const configuredXss = new FilterXSS({
 				},
 			]
 
-			const url = new URL(value)
+			try {
+				const url = new URL(value)
 
-			for (const source of allowedSources) {
-				if (!source.url.test(url.href)) {
-					continue
-				}
-
-				const newSearchParams = new URLSearchParams(url.searchParams)
-				url.searchParams.forEach((value, key) => {
-					if (!source.allowedParameters.some((param) => param.test(`${key}=${value}`))) {
-						newSearchParams.delete(key)
+				for (const source of allowedSources) {
+					if (!source.url.test(url.href)) {
+						continue
 					}
-				})
 
-				url.search = newSearchParams.toString()
-				return `${name}="${escapeAttrValue(url.toString())}"`
-			}
+					const newSearchParams = new URLSearchParams(url.searchParams)
+					url.searchParams.forEach((value, key) => {
+						if (!source.allowedParameters.some((param) => param.test(`${key}=${value}`))) {
+							newSearchParams.delete(key)
+						}
+					})
+
+					url.search = newSearchParams.toString()
+					return `${name}="${escapeAttrValue(url.toString())}"`
+				}
+			} catch {}
 		}
 
 		// For Highlight.JS