deeals protocol-relative URLs are external

jsx-eslint · May 22, 2017 · 664e5df · 664e5df
1 parent 7c45509
commit 664e5df
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 3 deletions.
diff --git a/lib/rules/jsx-no-target-blank.js b/lib/rules/jsx-no-target-blank.js
@@ -41,7 +41,7 @@ module.exports = {
               continue;
             }
             if (attr.name.name === 'href') {
-              if (attr.value.type === 'Literal' && !/^\w+:/.test(attr.value.value)) {
+              if (attr.value.type === 'Literal' && !/^(?:\w+:|\/\/)/.test(attr.value.value)) {
                 // it's safe because it is not an external link (i.e. doesn't start with a protocol)
                 return;
               }

diff --git a/tests/lib/rules/jsx-no-target-blank.js b/tests/lib/rules/jsx-no-target-blank.js
@@ -62,6 +62,12 @@ ruleTester.run('jsx-no-target-blank', rule, {
     errors: [{
       message: 'Using target="_blank" without rel="noopener noreferrer" is a security risk:' +
       ' see https://mathiasbynens.github.io/rel-noopener'
-    }]}
-  ]
+    }]
+  }, {
+    code: '<a target="_blank" href="//example.com"></a>',
+    errors: [{
+      message: 'Using target="_blank" without rel="noopener noreferrer" is a security risk:' +
+      ' see https://mathiasbynens.github.io/rel-noopener'
+    }]
+  }]
 });