Allow http(s) URLs to localhost in HTML

The protocol-relative URL check was too broad - it matched `//` inside
`http://[::1]:5173` and similar Vite dev server URLs. Add a negative
lookbehind for `:` so `http://` and `https://` URLs are not caught while
still blocking bare `//localhost` protocol-relative URLs.

Fixes spatie/laravel-pdf#309

Author: freekmurze

src/Browsershot.php

@@ -341,7 +341,7 @@ public function setHtml(string $html): static
                 }
             }
 
-            if (preg_match('#//\s*(localhost[/:\s]|127\.|0\.0\.0\.0[/:\s]|\[::1][/:\s]|::1[/:\s])#i', $content)) {
+            if (preg_match('#(?<!:)//\s*(localhost[/:\s]|127\.|0\.0\.0\.0[/:\s]|\[::1][/:\s]|::1[/:\s])#i', $content)) {
                 throw HtmlIsNotAllowedToContainFile::make();
             }
 

tests/BrowsershotTest.php

@@ -99,6 +99,17 @@
     expect($browsershot)->toBeInstanceOf(Browsershot::class);
 });
 
+it('will allow html with http urls to localhost', function (string $html) {
+    $browsershot = Browsershot::html($html);
+
+    expect($browsershot)->toBeInstanceOf(Browsershot::class);
+})->with([
+    '<script type="module" src="http://[::1]:5173/@vite/client"></script>',
+    '<link rel="stylesheet" href="http://localhost:5173/resources/css/app.css">',
+    '<script type="module" src="http://127.0.0.1:5173/resources/js/app.js"></script>',
+    '<script type="module" src="https://localhost:5173/@vite/client"></script>',
+]);
+
 it('will allow html containing backslashes in css', function (string $html) {
     $browsershot = Browsershot::html($html);