Merge pull request #1141 from umap-project/1140-allow-geo-scheme
Allow `geo:` scheme in (description) links
This commit is contained in:
commit
0076614ee8
2 changed files with 13 additions and 0 deletions
|
@ -64,6 +64,12 @@ L.Util.escapeHTML = (s) => {
|
||||||
],
|
],
|
||||||
ADD_ATTR: ['target', 'allow', 'allowfullscreen', 'frameborder', 'scrolling'],
|
ADD_ATTR: ['target', 'allow', 'allowfullscreen', 'frameborder', 'scrolling'],
|
||||||
ALLOWED_ATTR: ['href', 'src', 'width', 'height'],
|
ALLOWED_ATTR: ['href', 'src', 'width', 'height'],
|
||||||
|
// Added: `geo:` URL scheme as defined in RFC5870:
|
||||||
|
// https://www.rfc-editor.org/rfc/rfc5870.html
|
||||||
|
// The base RegExp comes from:
|
||||||
|
// https://github.com/cure53/DOMPurify/blob/main/src/regexp.js#L10
|
||||||
|
ALLOWED_URI_REGEXP:
|
||||||
|
/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp|geo):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i,
|
||||||
})
|
})
|
||||||
return s
|
return s
|
||||||
}
|
}
|
||||||
|
|
|
@ -166,6 +166,13 @@ describe('L.Util', function () {
|
||||||
assert.equal(L.Util.escapeHTML('<span onload="alert(oups)">'), '<span></span>')
|
assert.equal(L.Util.escapeHTML('<span onload="alert(oups)">'), '<span></span>')
|
||||||
})
|
})
|
||||||
|
|
||||||
|
it('should not escape geo: links', function () {
|
||||||
|
assert.equal(
|
||||||
|
L.Util.escapeHTML('<a href="geo:1,2"></a>'),
|
||||||
|
'<a href="geo:1,2"></a>'
|
||||||
|
)
|
||||||
|
})
|
||||||
|
|
||||||
it('should not fail with int value', function () {
|
it('should not fail with int value', function () {
|
||||||
assert.equal(L.Util.escapeHTML(25), '25')
|
assert.equal(L.Util.escapeHTML(25), '25')
|
||||||
})
|
})
|
||||||
|
|
Loading…
Reference in a new issue