Fetch preview_url under the SSRF policy, validate response
shape, and parse the body. Redirects are treated as failure
(policy: follow_redirects: false). The body is capped at
max_body_bytes bytes — exceeding the cap yields a
size_exceeded failure rather than a truncated parse.
Throws PreviewFetchError on any fetch-layer failure so the
runner can map the sub-reason to the contract's
preview_url_unusable_sub_reasons vocabulary.
See matchBindings.
See assertRfc3986Safe.
See assertUnreservedOnly.
See enforceSsrfPolicy.
Parse inline preview HTML and return tracker URLs from the contract's normative tag/attribute set. URLs that fail WHATWG URL parsing are skipped silently — a downstream binding that expected them surfaces as
substitution_binding_missing.