all repos — grayfriday @ 5405274d9994556c49bed724889558c8de335ffe

blackfriday fork with a few changes

Merge pull request #44 from FreakyDazio/safe-relatives

Relative URIs are considered safe
Vytautas Ĺ altenis vytas@rtfb.lt
Wed, 08 Jan 2014 11:51:13 -0800
commit

5405274d9994556c49bed724889558c8de335ffe

parent

0c38d23ca25d46a03814024113a488baca6b201c

2 files changed, 29 insertions(+), 1 deletions(-)

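--- a/inline.go
+++ b/inline.go
@@ -718,7 +718,7 @@
 return linkEnd - rewind
 }
 
-var validUris = [][]byte{[]byte("http://"), []byte("https://"), []byte("ftp://"), []byte("mailto://")}
+var validUris = [][]byte{[]byte("http://"), []byte("https://"), []byte("ftp://"), []byte("mailto://"), []byte("/")}
 
 func isSafeLink(link []byte) bool {
 for _, prefix := range validUris {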
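Review bot: The new `[]byte("/")` entry in `validUris` admits more than site-relative paths. Assuming the loop in `isSafeLink` is a plain prefix comparison (its body continues outside the hunk), a network-path reference such as `//host/path` also begins with `/` and would be emitted as a link to another host. That stays within http/https, so it may be acceptable for HTML_SAFELINK, but it is not what "relative URIs" implies. Either state the decision next to the list, e.g. `// "/" admits root-relative paths and, by prefix, //host network-path references`, or reject links that start with `//` before the prefix loop. Document-relative forms (`bar/`, `../bar`, `#frag`) do not match any prefix in this list, so the change covers root-relative links only.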
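--- a/inline_test.go
+++ b/inline_test.go
@@ -32,6 +32,10 @@ func doTestsInline(t *testing.T, tests []string) {
 doTestsInlineParam(t, tests, 0, 0)
 }
 
+func doSafeTestsInline(t *testing.T, tests []string) {
+ doTestsInlineParam(t, tests, 0, HTML_SAFELINK)
+}
+
 func doTestsInlineParam(t *testing.T, tests []string, extensions, htmlFlags int) {
 // catch and report panics
 var candidate string
@@ -415,6 +419,30 @@ "[[t]](/t)\n",
 "<p><a href=\"/t\">[t]</a></p>\n",
 }
 doTestsInline(t, tests)
+}
+
+func TestSafeInlineLink(t *testing.T) {
+ var tests = []string{
+ "[foo](/bar/)\n",
+ "<p><a href=\"/bar/\">foo</a></p>\n",
+
+ "[foo](http://bar/)\n",
+ "<p><a href=\"http://bar/\">foo</a></p>\n",
+
+ "[foo](https://bar/)\n",
+ "<p><a href=\"https://bar/\">foo</a></p>\n",
+
+ "[foo](ftp://bar/)\n",
+ "<p><a href=\"ftp://bar/\">foo</a></p>\n",
+
+ "[foo](mailto://bar/)\n",
+ "<p><a href=\"mailto://bar/\">foo</a></p>\n",
+
+ // Not considered safe
+ "[foo](baz://bar/)\n",
+ "<p><tt>foo</tt></p>\n",
+ }
+ doSafeTestsInline(t, tests)
 }
 
 func TestReferenceLink(t *testing.T) {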
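Review bot: The only rejected case in `TestSafeInlineLink` is an unknown `scheme://` link (`baz://bar/`), so the table does not pin the boundary that the new `/` prefix introduces. Adding an input such as `"[foo](//bar/)\n",` with whichever output the maintainers intend would record whether network-path references count as safe. A scheme written without `//`, e.g. `"[foo](javascript:bar)\n",`, is also worth a row; it is presumably expected to render as `"<p><tt>foo</tt></p>\n",` like the `baz` case. A one-line doc comment on `doSafeTestsInline` saying that it runs the inline table with `HTML_SAFELINK` set would help readers of the helper.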