fix: added sanitization on SSR input URL

package.json

@@ -59,6 +59,7 @@
         "url": "https://github.com/contentstack/live-preview-sdk.git"
     },
     "dependencies": {
+        "@braintree/sanitize-url": "^7.0.0",
         "just-camel-case": "^4.0.2",
         "morphdom": "^2.6.1",
         "mustache": "^4.2.0",

src/live-preview.ts

@@ -17,6 +17,7 @@ import { handleInitData } from "./utils/handleUserConfig";
 import { userInitData } from "./utils/defaults";
 import packageJson from "../package.json";
 import { replaceDocumentBody, updateDocumentBody } from "./utils/replaceHtml";
+import { sanitizeUrl } from "@braintree/sanitize-url";
 
 export default class LivePreview {
     /**
@@ -339,9 +340,22 @@ export default class LivePreview {
 
                 if (this.config.ssr) {
                     // Get the content from the server and replace the body
-
-                    const fetch_url = new URL(window.location.href);
-
+                    const previewURL = sanitizeUrl(window.location.href);
+                    if (previewURL === "about:blank") {
+                        throw new Error(
+                            "LIVE PREVIEW SDK: Invalid URL " +
+                                window.location.href
+                        );
+                    }
+                    const fetch_url = new URL(previewURL);
+                    if (
+                        fetch_url.protocol !== "https:" &&
+                        fetch_url.protocol !== "http:"
+                    ) {
+                        throw new Error(
+                            "LIVE PREVIEW SDK: Preview URL should have http or https"
+                        );
+                    }
                     fetch_url.searchParams.append("live_preview", hash);
                     fetch_url.searchParams.append(
                         "content_type_uid",