Improving link matching and adding tests. Version bump => 0.3.2.

Author: James Socol

bleach/__init__.py

@@ -41,8 +41,10 @@
        tv tw tz ua ug uk us uy uz va vc ve vg vi vn vu wf ws xn ye yt yu za zm
        zw""".split()
 
+TLDS.reverse()
 
-url_re = re.compile(r'\b(?:[\w-]+:/{0,3})?(?<!@)[\w.-]+\.(?:(?:%s)\w*)(?:(?:\/|\?)\S*)?' % u'|'.join(TLDS))
+
+url_re = re.compile(r'\b(?:[\w-]+:/{0,3})?(?<!@)[\w.-]+\.(?:%s)(?:[/?]\S*)?\b' % u'|'.join(TLDS))
 proto_re = re.compile(r'^[\w-]+:/{0,3}')
 
 

bleach/tests/test_links.py

@@ -110,3 +110,15 @@ def test_escaped_html():
 #def test_link_http_complete():
 #    eq_('<a href="https://user:pass@ftp.mozilla.com/x/y.exe?a=b&amp;c=d&amp;e#f">https://user:pass@ftp.mozilla.com/x/y.exe?a=b&amp;c=d&amp;e#f</a>',
 #        b.linkify('https://user:pass@ftp.mozilla.org/x/y.exe?a=b&c=d&e#f'))
+
+
+def test_non_url():
+    """document.vulnerable should absolutely not be linkified."""
+    s = 'document.vulnerable'
+    eq_(s, b.linkify(s))
+
+
+def test_javascript_url():
+    """javascript: urls should never be linkified."""
+    s = 'javascript:document.vulnerable'
+    eq_(s, b.linkify(s))

setup.py

@@ -2,7 +2,7 @@
 
 setup(
     name='bleach',
-    version='0.3.1',
+    version='0.3.2',
     description='An easy whitelist-based HTML-sanitizing tool.',
     long_description=open('README.rst').read(),
     author='James Socol',