Merge pull request #44 from FreakyDazio/safe-relatives

Relative URIs are considered safe
Vytautas Šaltenis 2014-01-08 11:51:13 -08:00
commit 5405274d99
2 changed files with 29 additions and 1 deletions


@ -718,7 +718,7 @@ func autoLink(p *parser, out *bytes.Buffer, data []byte, offset int) int {
return linkEnd - rewind return linkEnd - rewind
} }
var validUris = [][]byte{[]byte("http://"), []byte("https://"), []byte("ftp://"), []byte("mailto://")} var validUris = [][]byte{[]byte("http://"), []byte("https://"), []byte("ftp://"), []byte("mailto://"), []byte("/")}
func isSafeLink(link []byte) bool { func isSafeLink(link []byte) bool {
for _, prefix := range validUris { for _, prefix := range validUris {
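Review bot: The new `[]byte("/")` entry in `validUris` is both wider and narrower than the commit title suggests: a bare `/` prefix also matches network-path references such as `//host/path`, which point at another host, while relative links without a leading slash (`bar/`, `../bar`, `#frag`) presumably still fail the check. The first case is no wider than what the existing `http://` and `https://` entries allow, but it should be a stated decision rather than a side effect. I would add a comment above the slice, e.g. `// "/" admits root-relative paths; it also matches "//host/..." (scheme-relative, off-site)`. The body of isSafeLink continues outside this hunk, so how the prefix is compared (case handling, leading whitespace) cannot be confirmed from here.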


@ -32,6 +32,10 @@ func doTestsInline(t *testing.T, tests []string) {
doTestsInlineParam(t, tests, 0, 0) doTestsInlineParam(t, tests, 0, 0)
} }
func doSafeTestsInline(t *testing.T, tests []string) {
doTestsInlineParam(t, tests, 0, HTML_SAFELINK)
}
func doTestsInlineParam(t *testing.T, tests []string, extensions, htmlFlags int) { func doTestsInlineParam(t *testing.T, tests []string, extensions, htmlFlags int) {
// catch and report panics // catch and report panics
var candidate string var candidate string
@ -417,6 +421,30 @@ func TestInlineLink(t *testing.T) {
doTestsInline(t, tests) doTestsInline(t, tests)
} }
func TestSafeInlineLink(t *testing.T) {
var tests = []string{
"[foo](/bar/)\n",
"<p><a href=\"/bar/\">foo</a></p>\n",
"[foo](http://bar/)\n",
"<p><a href=\"http://bar/\">foo</a></p>\n",
"[foo](https://bar/)\n",
"<p><a href=\"https://bar/\">foo</a></p>\n",
"[foo](ftp://bar/)\n",
"<p><a href=\"ftp://bar/\">foo</a></p>\n",
"[foo](mailto://bar/)\n",
"<p><a href=\"mailto://bar/\">foo</a></p>\n",
// Not considered safe
"[foo](baz://bar/)\n",
"<p><tt>foo</tt></p>\n",
}
doSafeTestsInline(t, tests)
}
func TestReferenceLink(t *testing.T) { func TestReferenceLink(t *testing.T) {
var tests = []string{ var tests = []string{
"[link][ref]\n", "[link][ref]\n",
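Review bot: The negative half of `TestSafeInlineLink` only exercises an unknown scheme (`baz://bar/`), so the test does not pin the cases that the new `/` prefix actually changes. I would add a pair for `"[foo](//bar/)\n"` with whatever output is intended for scheme-relative links, and one for a slash-less relative link such as `"[foo](bar/)\n"`, so that both outcomes are deliberate and a regression shows up. A script-scheme pair (`"[foo](javascript:bar)\n"`, presumably expecting `"<p><tt>foo</tt></p>\n"` like the `baz://` pair) would also record what HTML_SAFELINK is there to stop. `doSafeTestsInline` would read better with a one-line doc comment, e.g. `// doSafeTestsInline runs the inline tests with HTML_SAFELINK set.`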