jeff/umap
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow geo: scheme in (description) links

Browse source 
Fix #1140
This commit is contained in:
David Larlet 2023-06-14 12:56:32 -04:00
parent 186480ea01
commit 4fca2cccca
No known key found for this signature in database
GPG key ID: 3E2953A359E7E7BD
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
umap/static/umap/js/umap.core.js
View file

@ -64,6 +64,12 @@ L.Util.escapeHTML = (s) => {
], ],
ADD_ATTR: ['target', 'allow', 'allowfullscreen', 'frameborder', 'scrolling'], ADD_ATTR: ['target', 'allow', 'allowfullscreen', 'frameborder', 'scrolling'],
ALLOWED_ATTR: ['href', 'src', 'width', 'height'], ALLOWED_ATTR: ['href', 'src', 'width', 'height'],
// Added: `geo:` URL scheme as defined in RFC5870:
// https://www.rfc-editor.org/rfc/rfc5870.html
// The base RegExp comes from:
// https://github.com/cure53/DOMPurify/blob/main/src/regexp.js#L10
ALLOWED_URI_REGEXP:
/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp|geo):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i,
}) })
return s return s
} }