Forbid javascript:// URLs in safe mode

author: Philipp Hagemeister <phihag@phihag.de> 2013-02-05 18:50:21 +0100
committer: Philipp Hagemeister <phihag@phihag.de> 2013-02-05 18:50:21 +0100
commit: f608517d9e1dee126431aafedabdabaa03ec2937 (patch)
tree: d3f60375488b2d63bac3d24b0a41d1af3073e213 /markdown/inlinepatterns.py
parent: c201f3c706316fbafff51631ce86a0a3784f3218 (diff)
download: markdown-f608517d9e1dee126431aafedabdabaa03ec2937.tar.gz
markdown-f608517d9e1dee126431aafedabdabaa03ec2937.tar.bz2
markdown-f608517d9e1dee126431aafedabdabaa03ec2937.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/markdown/inlinepatterns.py b/markdown/inlinepatterns.py
index a1b264c..1ebb310 100644
--- a/markdown/inlinepatterns.py
+++ b/markdown/inlinepatterns.py
@@ -364,6 +364,9 @@ class LinkPattern(Pattern):
                 # Not a safe url
                 return ''
 
+        if scheme == 'javascript':
+            return ''
+
         # Url passes all tests. Return url as-is.
         return urlunparse(url)
author	Philipp Hagemeister <phihag@phihag.de>	2013-02-05 18:50:21 +0100
committer	Philipp Hagemeister <phihag@phihag.de>	2013-02-05 18:50:21 +0100
commit	f608517d9e1dee126431aafedabdabaa03ec2937 (patch)
tree	d3f60375488b2d63bac3d24b0a41d1af3073e213 /markdown/inlinepatterns.py
parent	c201f3c706316fbafff51631ce86a0a3784f3218 (diff)
download	markdown-f608517d9e1dee126431aafedabdabaa03ec2937.tar.gz markdown-f608517d9e1dee126431aafedabdabaa03ec2937.tar.bz2 markdown-f608517d9e1dee126431aafedabdabaa03ec2937.zip