
Merge pull request #44 from FreakyDazio/safe-relatives

Relative URIs are considered safe
2 parents 0c38d23 + 607ec21 commit 5405274d9994556c49bed724889558c8de335ffe @rtfb rtfb committed Jan 8, 2014
Showing with 29 additions and 1 deletion.
  1. +1 −1 inline.go
  2. +28 −0 inline_test.go
@@ -718,7 +718,7 @@ func autoLink(p *parser, out *bytes.Buffer, data []byte, offset int) int {
return linkEnd - rewind
}
-var validUris = [][]byte{[]byte("http://"), []byte("https://"), []byte("ftp://"), []byte("mailto://")}
+var validUris = [][]byte{[]byte("http://"), []byte("https://"), []byte("ftp://"), []byte("mailto://"), []byte("/")}
func isSafeLink(link []byte) bool {
for _, prefix := range validUris {
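Review bot: The new `[]byte("/")` entry in `validUris` is a path prefix added to a list of scheme prefixes, and nothing on the line records which relative forms it is meant to admit. If the loop in `isSafeLink` (its body continues outside this hunk) is a plain prefix comparison, a link beginning with `//` would also match and resolve to a different host under the page's scheme, while `bar/`, `../bar` and `#frag` would still be rejected even though the commit title says relative URIs are safe. A comment above the variable such as `// "/" admits root-relative paths only; "//host" (scheme-relative) links are decided in isSafeLink` would state the intent. The matcher should then make an explicit decision for the `//` case rather than inherit it from the prefix list.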
@@ -32,6 +32,10 @@ func doTestsInline(t *testing.T, tests []string) {
doTestsInlineParam(t, tests, 0, 0)
}
+func doSafeTestsInline(t *testing.T, tests []string) {
+ doTestsInlineParam(t, tests, 0, HTML_SAFELINK)
+}
+
func doTestsInlineParam(t *testing.T, tests []string, extensions, htmlFlags int) {
// catch and report panics
var candidate string
@@ -417,6 +421,30 @@ func TestInlineLink(t *testing.T) {
doTestsInline(t, tests)
}
+func TestSafeInlineLink(t *testing.T) {
+ var tests = []string{
+ "[foo](/bar/)\n",
+ "<p><a href=\"/bar/\">foo</a></p>\n",
+
+ "[foo](http://bar/)\n",
+ "<p><a href=\"http://bar/\">foo</a></p>\n",
+
+ "[foo](https://bar/)\n",
+ "<p><a href=\"https://bar/\">foo</a></p>\n",
+
+ "[foo](ftp://bar/)\n",
+ "<p><a href=\"ftp://bar/\">foo</a></p>\n",
+
+ "[foo](mailto://bar/)\n",
+ "<p><a href=\"mailto://bar/\">foo</a></p>\n",
+
+ // Not considered safe
+ "[foo](baz://bar/)\n",
+ "<p><tt>foo</tt></p>\n",
+ }
+ doSafeTestsInline(t, tests)
+}
+
func TestReferenceLink(t *testing.T) {
var tests = []string{
"[link][ref]\n",
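Review bot: `TestSafeInlineLink` has a single negative case, `baz://bar/`, so the table does not pin what `HTML_SAFELINK` does with the inputs that the new `/` prefix makes interesting. Adding input/output pairs for a scheme-relative link (`"[foo](//bar/)\n"`), a bare root link (`"[foo](/)\n"`) and a `javascript:` link would make the intended boundary explicit and catch a later widening of `validUris`. The expected HTML for those cases depends on the body of `isSafeLink`, which is outside the visible hunks, so it is not guessed here. The new helper `doSafeTestsInline` would also benefit from a one-line comment, `// doSafeTestsInline runs the inline tests with HTML_SAFELINK enabled and no extensions.`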
