Simplified links validator - use regexes

lib/index.js

@@ -22,34 +22,20 @@ var config = {
 
 ////////////////////////////////////////////////////////////////////////////////
 //
-// This validator does not pretent to functionality of full weight sanitizers.
+// This validator does not pretend to functionality of full weight sanitizers.
 // It's a tradeoff between default security, simplicity and usability.
 // If you need different setup - override validator method as you wish. Or
 // replace it with dummy function and use external sanitizer.
 //
 
-var BAD_PROTOCOLS      = [ 'vbscript', 'javascript', 'file', 'data' ];
-var ALLOWED_DATA_MIMES = [
-  'data:image/gif',
-  'data:image/png',
-  'data:image/jpeg',
-  'data:image/webp'
-];
+var BAD_PROTO_RE = /vbscript:|javascript:|file:|data:/;
+var GOOD_DATA_RE = /data:image\/(gif|png|jpeg|webp);/;
 
 function validateLink(url) {
   // url should be normalized at this point, and existing entities are decoded
+  var str = url.trim().toLowerCase();
 
-  var str      = url.trim().toLowerCase(),
-      protocol = str.split(':')[0];
-
-  if (str.indexOf(':') >= 0 && BAD_PROTOCOLS.indexOf(protocol) >= 0) {
-    if (protocol === 'data' && ALLOWED_DATA_MIMES.indexOf(str.split(';')[0]) >= 0) {
-      return true;
-    }
-    return false;
-  }
-
-  return true;
+  return BAD_PROTO_RE.test(str) ? (GOOD_DATA_RE.test(str) ? true : false) : true;
 }
 
 ////////////////////////////////////////////////////////////////////////////////