From 0db98f7b4a26a7dedb2f078efdcfe8d163024f94 Mon Sep 17 00:00:00 2001
From: Vitaly Puzrin
Date: Tue, 31 Mar 2015 00:21:34 +0300
Subject: [PATCH] Simplified links validator - use regexes
---
 lib/index.js | 24 +++++-------------------
 1 file changed, 5 insertions(+), 19 deletions(-)
diff --git a/lib/index.js b/lib/index.js
index 320b983..e67a56d 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -22,34 +22,20 @@ var config = {
 ////////////////////////////////////////////////////////////////////////////////
 //
-// This validator does not pretent to functionality of full weight sanitizers.
+// This validator does not pretend to functionality of full weight sanitizers.
 // It's a tradeoff between default security, simplicity and usability.
 // If you need different setup - override validator method as you wish. Or
 // replace it with dummy function and use external sanitizer.
 //
-var BAD_PROTOCOLS = [ 'vbscript', 'javascript', 'file', 'data' ];
-var ALLOWED_DATA_MIMES = [
- 'data:image/gif',
- 'data:image/png',
- 'data:image/jpeg',
- 'data:image/webp'
-];
+var BAD_PROTO_RE = /vbscript:|javascript:|file:|data:/;
+var GOOD_DATA_RE = /data:image\/(gif|png|jpeg|webp);/;
 function validateLink(url) {
 // url should be normalized at this point, and existing entities are decoded
+ var str = url.trim().toLowerCase();
- var str = url.trim().toLowerCase(),
- protocol = str.split(':')[0];
-
- if (str.indexOf(':') >= 0 && BAD_PROTOCOLS.indexOf(protocol) >= 0) {
- if (protocol === 'data' && ALLOWED_DATA_MIMES.indexOf(str.split(';')[0]) >= 0) {
- return true;
- }
- return false;
- }
-
- return true;
+ return BAD_PROTO_RE.test(str) ? (GOOD_DATA_RE.test(str) ? true : false) : true;
 }
 ////////////////////////////////////////////////////////////////////////////////
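Review bot: Both new regexes are unanchored, so in `validateLink` the allow-list `GOOD_DATA_RE` can match `data:image/png;` anywhere in the string instead of only at its start. The result is that a URL whose scheme is one of the blocked ones is still accepted when that substring appears later in it, which the removed `str.split(':')[0]` / `str.split(';')[0]` checks did not permit. The unanchored `BAD_PROTO_RE` also rejects otherwise harmless links that merely contain `file:` or `data:` in a path or query. Anchoring both restores the old prefix semantics: `var BAD_PROTO_RE = /^(vbscript|javascript|file|data):/;` and `var GOOD_DATA_RE = /^data:image\/(gif|png|jpeg|webp);/;`, after which the return can read `return !BAD_PROTO_RE.test(str) || GOOD_DATA_RE.test(str);`. A regression test that pairs a blocked scheme with an embedded allowed-MIME substring would keep this from reappearing.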