From 1c37f6d75b98cfd9774bba5bdfb1d33060fb3355 Mon Sep 17 00:00:00 2001
From: "Alex N. Jose" <alexnj@google.com>
Date: Mon, 6 Feb 2023 15:37:44 -0800
Subject: [PATCH] core(valid-source-maps): check only valid http/https urls for
 first-party js

---
 core/audits/valid-source-maps.js | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/core/audits/valid-source-maps.js b/core/audits/valid-source-maps.js
index b4124754ba69..7e1aa5f1eec7 100644
--- a/core/audits/valid-source-maps.js
+++ b/core/audits/valid-source-maps.js
@@ -7,6 +7,8 @@
 import {Audit} from './audit.js';
 import {EntityClassification} from '../computed/entity-classification.js';
 import * as i18n from '../lib/i18n/i18n.js';
+import {Util} from '../../shared/util.js';
+import UrlUtils from '../lib/url-utils.js';
 
 const UIStrings = {
   /** Title of a Lighthouse audit that provides detail on HTTP to HTTPS redirects. This descriptive title is shown to users when HTTP traffic is redirected to HTTPS. */
@@ -54,11 +56,13 @@ class ValidSourceMaps extends Audit {
    * @return {boolean}
    */
   static isLargeFirstPartyJS(script, classifiedEntities) {
-    if (!script.length) return false;
+    const url = script.url;
+    if (!script.length || !url) return false;
+    if (!UrlUtils.isValid(url)) return false;
+    if (!Util.createOrReturnURL(url).protocol.startsWith('http')) return false;
 
     const isLargeJS = script.length >= LARGE_JS_BYTE_THRESHOLD;
-    const isFirstPartyJS = script.url ? classifiedEntities.isFirstParty(script.url) : false;
-    return isLargeJS && isFirstPartyJS;
+    return classifiedEntities.isFirstParty(url) && isLargeJS;
   }
 
   /**