author | Cash Costello <cash.costello@gmail.com> | 2011-11-05 11:56:27 -0700 |
---|---|---|
committer | Cash Costello <cash.costello@gmail.com> | 2011-11-05 11:56:27 -0700 |
commit | 12599e74e44cd9d2ee2c7dbc8b4950fd54aca789 (patch) | |
tree | 8f286b66b4d7eabdcd6c4a2c88249771853168a6 /js/lib | |
parent | 03604d683478ddbcf07fd280962cc6aba584701f (diff) | |
parent | c466a2d2306011b18d7d5f9a1bca0eae5560f980 (diff) | |
Merge pull request #88 from sembrestels/t3976
Refs #3976. Implements the fix for #3747 from PHP in elgg.normalize_url() js function.
Diffstat (limited to 'js/lib')
-rw-r--r-- | js/lib/elgglib.js | 33 |
1 files changed, 30 insertions, 3 deletions
diff --git a/js/lib/elgglib.js b/js/lib/elgglib.js
index 85251c1e8..3e38bbad6 100644
--- a/js/lib/elgglib.js
+++ b/js/lib/elgglib.js
@@ -250,8 +250,35 @@ elgg.normalize_url = function(url) {
 url = url || '';
 elgg.assertTypeOf('string', url);
- // jslint complains if you use /regexp/ shorthand here... ?!?!
- if ((new RegExp("^(https?:)?//", "i")).test(url)) {
+ validated = (function(url){
+ url = elgg.parse_url(url);
+ if(url.scheme){
+ url.scheme = url.scheme.toLowerCase();
+ }
+ if(url.scheme == 'http' || url.scheme == 'https') {
+ if(!url.host) {
+ return false;
+ }
+ /* hostname labels may contain only alphanumeric characters, dots and hypens. */
+ if(!(new RegExp("^([a-zA-Z0-9][a-zA-Z0-9\\-\\.]*)$", "i")).test(url.host) || url.host.charAt(-1) == '.'){
+ return false;
+ }
+ }
+ /* some schemas allow the host to be empty */
+ if (!url.scheme || !url.host && url.scheme != 'mailto' && url.scheme != 'news' && url.scheme != 'file') {
+ return false;
+ }
+ return true;
+ })(url);
+
+ // all normal URLs including mailto:
+ if (validated) {
+ return url;
+ }
+
+ // '//example.com' (Shortcut for protocol.)
+ // '?query=test', #target
+ else if ((new RegExp("^(\\#|\\?|//)", "i")).test(url)) {
 return url;
 }
@@ -569,4 +596,4 @@ elgg.initWhenReady = function() {
 elgg.trigger_hook('init', 'system');
 elgg.trigger_hook('ready', 'system');
 }
-};
\ No newline at end of file
+}; |
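Review bot: The trailing-dot test in the hostname check of the `elgg.normalize_url` hunk, `url.host.charAt(-1) == '.'`, can never be true, because `charAt` returns an empty string for a negative index rather than counting from the end; a host such as `example.com.` therefore passes the validator. Use `url.host.charAt(url.host.length - 1) == '.'` or `url.host.slice(-1) == '.'`. If the PHP check that the commit message says this ports does reject such hosts, client and server will disagree about which URLs count as already absolute, so a unit test for that case is worth adding. Separately, `validated` is assigned without `var` and becomes an implicit global; declare it as `var validated = (function(url){`. The body of `elgg.normalize_url` continues outside the hunk.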