sanitize-html v1.14.0 Release Notes
allowProtocolRelativeoption, which is set to
trueby default, allows you to decline to accept URLs that start with
//and thus point to a different host using the current protocol. If you do not want to permit this, set this option to
false. This is fully backwards compatible because the default behavior is to allow them. Thanks to Luke Bernard.