all repos — grayfriday @ 5405274d9994556c49bed724889558c8de335ffe

blackfriday fork with a few changes 

Merge pull request #44 from FreakyDazio/safe-relatives

Relative URIs are considered safe
Vytautas Ĺ altenis vytas@rtfb.lt
Wed, 08 Jan 2014 11:51:13 -0800
commit

5405274d9994556c49bed724889558c8de335ffe

parent

0c38d23ca25d46a03814024113a488baca6b201c

2 files changed, 29 insertions(+), 1 deletions(-)

jump to
M inline.goinline.go 
@@ -718,7 +718,7 @@ 
 	return linkEnd - rewind
 }
 
-var validUris = [][]byte{[]byte("http://"), []byte("https://"), []byte("ftp://"), []byte("mailto://")}
+var validUris = [][]byte{[]byte("http://"), []byte("https://"), []byte("ftp://"), []byte("mailto://"), []byte("/")}
 
 func isSafeLink(link []byte) bool {
 	for _, prefix := range validUris {
M inline_test.goinline_test.go 
@@ -32,6 +32,10 @@ func doTestsInline(t *testing.T, tests []string) {
 	doTestsInlineParam(t, tests, 0, 0)
 }
 
+func doSafeTestsInline(t *testing.T, tests []string) {
+	doTestsInlineParam(t, tests, 0, HTML_SAFELINK)
+}
+
 func doTestsInlineParam(t *testing.T, tests []string, extensions, htmlFlags int) {
 	// catch and report panics
 	var candidate string

@@ -415,6 +419,30 @@ "[[t]](/t)\n",
 		"<p><a href=\"/t\">[t]</a></p>\n",
 	}
 	doTestsInline(t, tests)
+}
+
+func TestSafeInlineLink(t *testing.T) {
+	var tests = []string{
+		"[foo](/bar/)\n",
+		"<p><a href=\"/bar/\">foo</a></p>\n",
+
+		"[foo](http://bar/)\n",
+		"<p><a href=\"http://bar/\">foo</a></p>\n",
+
+		"[foo](https://bar/)\n",
+		"<p><a href=\"https://bar/\">foo</a></p>\n",
+
+		"[foo](ftp://bar/)\n",
+		"<p><a href=\"ftp://bar/\">foo</a></p>\n",
+
+		"[foo](mailto://bar/)\n",
+		"<p><a href=\"mailto://bar/\">foo</a></p>\n",
+
+		// Not considered safe
+		"[foo](baz://bar/)\n",
+		"<p><tt>foo</tt></p>\n",
+	}
+	doSafeTestsInline(t, tests)
 }
 
 func TestReferenceLink(t *testing.T) {