|
@ -28,8 +28,8 @@ var config = { |
|
|
// replace it with dummy function and use external sanitizer.
|
|
|
// replace it with dummy function and use external sanitizer.
|
|
|
//
|
|
|
//
|
|
|
|
|
|
|
|
|
var BAD_PROTO_RE = /vbscript:|javascript:|file:|data:/; |
|
|
var BAD_PROTO_RE = /^(vbscript|javascript|file|data):/; |
|
|
var GOOD_DATA_RE = /data:image\/(gif|png|jpeg|webp);/; |
|
|
var GOOD_DATA_RE = /^data:image\/(gif|png|jpeg|webp);/; |
|
|
|
|
|
|
|
|
function validateLink(url) { |
|
|
function validateLink(url) { |
|
|
// url should be normalized at this point, and existing entities are decoded
|
|
|
// url should be normalized at this point, and existing entities are decoded
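Review bot: The anchored forms of `BAD_PROTO_RE` and `GOOD_DATA_RE` (`/^(vbscript|javascript|file|data):/` and `/^data:image\/(gif|png|jpeg|webp);/`, which appear to be the new side of this hunk) are case-sensitive and match only at position 0, so the check is now only as strong as the normalization done before `.test()` runs. The body of `validateLink` lies outside the hunk, so whether it trims and lowercases `url` cannot be confirmed from here; the existing comment says only that the URL is normalized and entities are decoded. I would state the precondition next to the patterns, e.g. `// Anchored and case-sensitive: validateLink() must trim and lowercase url before testing.`, and add regression tests for mixed-case schemes and leading whitespace. Because this is a scheme denylist, any scheme not listed is accepted, so callers rendering untrusted input should still pair it with the external sanitizer that the comment at the top of the hunk mentions.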
|
|
|