fix: handle about: and data: protocols when embedded in iframes/webviews

[PranavAgarkar07]

Related: #13490
Fixes: #13226

The problem

When a SvelteKit app is embedded in an <iframe srcdoc> or loaded via a data: URL (common in webviews and embedded widgets), hydration crashes with:

Uncaught TypeError: Failed to construct 'URL': Invalid URL

SvelteKit generates an inline script that runs new URL('.', location) to compute the base path. When location.protocol is about: (srcdoc iframes) or data: (data URL iframes), these are non-hierarchical protocols that cannot be used as a URL base — the browser throws immediately.

Two fixes

render.js — wrap the generated base_expression in a try/catch so a non-hierarchical protocol falls back to the statically-known base path instead of crashing:

// before
base_expression = `new URL(${s(base)}, location).pathname.slice(0, -1)`;

// after
base_expression = `(() => { try { return new URL(${s(base)}, location).pathname.slice(0, -1) } catch { return ${s(paths.base || '')} } })()`;

The try/catch is future-proof — it handles any non-hierarchical protocol without enumerating them.

utils.js — is_external_url was treating about: and data: URLs as external (their origin is "null"), causing all link clicks inside an embedded app to trigger full-page navigations instead of client-side routing:

if (url.protocol === 'about:' || url.protocol === 'data:') {
    return false;
}

Why not #13490?

PR #13490 has a bug in the render.js change: the fallback branch returns a raw URL object instead of a .pathname string, so base becomes [object URL]. This PR fixes both issues correctly.

Checklist

• Fixes Handle cases when location.protocol is about: or data: #13226
• Unit tests pass (pnpm -F @sveltejs/kit test:unit)
• Formatted with Prettier
• Changeset included (patch)
• Allow edits from maintainers

[changeset-bot]

🦋 Changeset detected

Latest commit: d7c9dee

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@sveltejs/kit	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR