Customizable whitelist of schemas for safeLinks

2023-08-10 21:13:06 +03:00 · 2015-01-25 19:47:32 +01:00 · 2015-01-25 19:47:32 +01:00 · 1d4296f34d
commit 1d4296f34d
parent bf5105cb1a
1 changed files with 23 additions and 2 deletions
--- a/Parsedown.php
+++ b/Parsedown.php
@ -84,6 +84,14 @@ class Parsedown

    protected $safeLinksEnabled = true;

+    protected $safeLinksWhitelist = array(
+        'http://',
+        'https://',
+        '/',
+        'ftp://',
+        'ftps://'
+    );
+
    #
    # Lines
    #
@ -1262,9 +1270,22 @@ class Parsedown
            $Element['attributes']['title'] = $Definition['title'];
        }

-        if ( $this->safeLinksEnabled && preg_match("/^(\/|https?:\/\/|ftps?:\/\/)/ui", $Element['attributes']['href']) === 0 )
+        if ( $this->safeLinksEnabled )
        {
-            return;
+            $matched = false;
+            foreach ( $this->safeLinksWhitelist as $scheme )
+            {
+                if ( stripos($Element['attributes']['href'], $scheme) === 0 )
+                {
+                    $matched = true;
+                    break;
+                }
+            }
+
+            if ( ! $matched )
+            {
+                return;
+            }
        }

        $Element['attributes']['href'] = htmlspecialchars($Element['attributes']['href'], ENT_QUOTES);