Merge pull request #82 from dimfeld/master
Sanitize shouldn't filter out URLs without protocol.
pull/85/head
commit
03a690ac55
|
@ -92,7 +92,7 @@ func sanitizeHtmlSafe(input []byte) []byte {
|
|||
// protocol checking, do so and strip it if it's not known to be safe.
|
||||
tagProtocolAttrs, ok := protocolAttrs[tagName]
|
||||
if ok && tagProtocolAttrs[attrName] {
|
||||
if !protocolAllowed(val) {
|
||||
if !isRelativeLink(val) && !protocolAllowed(val) {
|
||||
continue
|
||||
}
|
||||
}
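Review bot: The new condition `if !isRelativeLink(val) && !protocolAllowed(val) {` lets every value that isRelativeLink accepts skip the protocol allow-list, so the safety of protocol-checked attributes now rests on that helper, whose definition is not visible in this hunk. It should be confirmed that the helper matches only an unambiguous path or fragment prefix at the very start of the raw value, and that protocol-relative `//host` values and values with leading whitespace or control characters are still sent through protocolAllowed. I would also add a comment above the condition: `// Relative links carry no scheme and bypass the allow-list; isRelativeLink must stay strict.` The body of sanitizeHtmlSafe starts and ends outside the hunk.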
|
||||
|
|
|
@ -80,7 +80,7 @@ func TestSanitizeRawHtmlTag(t *testing.T) {
|
|||
"<p><img></p>\n",
|
||||
|
||||
`<IMG SRC=# onmouseover="alert('xxs')">`,
|
||||
"<p><img></p>\n",
|
||||
"<p><img src=\"#\"></p>\n",
|
||||
|
||||
`<IMG SRC= onmouseover="alert('xxs')">`,
|
||||
"<p><img></p>\n",
|
||||
|
@ -192,6 +192,8 @@ func TestSanitizeInlineLink(t *testing.T) {
|
|||
tests := []string{
|
||||
"[link](javascript:evil)",
|
||||
"<p><a>link</a></p>\n",
|
||||
"[link](/abc)",
|
||||
"<p><a href=\"/abc\">link</a></p>\n",
|
||||
}
|
||||
doTestsSanitize(t, tests)
|
||||
}
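Review bot: The cases added to TestSanitizeInlineLink and TestSanitizeRawHtmlTag only cover values that are now kept (`/abc`, `#`), so nothing pins where "relative" stops. Next to `"[link](javascript:evil)"` I would add negative cases, for example a constructed protocol-relative target `"[link](//example.invalid/abc)"` and a scheme with leading whitespace, each paired with the output the maintainers decide on. A later loosening of isRelativeLink would then fail a test instead of silently widening what the sanitizer lets through. The expected strings for those cases cannot be derived from this page.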
|
||||
|
|