all repos — grayfriday @ bd11a52f1ea4de72f2f9e2f121e048bcc693dccb

blackfriday fork with a few changes

update func isSafeLink
elian0211 elian0211@gmail.com
Wed, 25 Feb 2015 21:27:13 +0800
commit

bd11a52f1ea4de72f2f9e2f121e048bcc693dccb

parent

27ba4cebef7f37e0bb5685e23cb7213cd809f9e8

1 files changed, 10 insertions(+), 4 deletions(-)

M inline.goinline.go

@@ -757,15 +757,21 @@ func isEndOfLink(char byte) bool {

 return isspace(char) || char == '<'
 }
-var validUris = [][]byte{[]byte("/"), []byte("./"), []byte("../"), []byte("http://"), []byte("https://"), []byte("ftp://"), []byte("mailto://")}
+var validUris = [][]byte{[]byte("http://"), []byte("https://"), []byte("ftp://"), []byte("mailto://")}
+var validPaths = [][]byte{[]byte("/"), []byte("./"), []byte("../")}
 func isSafeLink(link []byte) bool {
- for index, prefix := range validUris {
- if index <= 2 {
- if len(link) == len(prefix) && bytes.Equal(bytes.ToLower(link[:len(prefix)]), prefix) {
+ for _, path := range validPaths {
+ if len(link) >= len(path) && bytes.Equal(link[:len(path)], path) {
+ if len(link) == len(path) {
+ return true
+ } else if isalnum(link[len(path)]) {
 return true
 }
 }
+ }
+
+ for _, prefix := range validUris {
 // TODO: handle unicode here
 // case-insensitive prefix test
 if len(link) > len(prefix) && bytes.Equal(bytes.ToLower(link[:len(prefix)]), prefix) && isalnum(link[len(prefix)]) {
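Review bot: The `isalnum(link[len(path)])` test in the new `validPaths` loop is what stops `//host` and `/\host` from passing as local paths, yet nothing in the code says so. Browsers resolve both forms as scheme-relative, off-site destinations, so if `isSafeLink` gates rendered link targets (its callers are outside this hunk) that byte check is a security boundary and deserves a comment such as `// next byte must be alphanumeric: "//host" and "/\host" are scheme-relative, not local paths`. The same rule also rejects ordinary relative links like `../../doc` or `/#top`; anyone widening it later should keep refusing `/`, `\` and whitespace or control bytes in that position. The two branches can be folded into `if len(link) == len(path) || isalnum(link[len(path)]) { return true }`. The body of `isSafeLink` continues past the end of the hunk.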