1 files changed, 34 insertions, 7 deletions

diff --git a/js/lib/elgglib.js b/js/lib/elgglib.js
index d963a62be..ca7914e7c 100644
--- a/js/lib/elgglib.js
+++ b/js/lib/elgglib.js
@@ -224,8 +224,8 @@ elgg.provide = function(pkg, opt_context) {
  * child.foo('boo!'); // alert('boo!');
  * </pre>
  *
- * @param {Function} childCtor Child class.
- * @param {Function} parentCtor Parent class.
+ * @param {Function} Child Child class constructor.
+ * @param {Function} Parent Parent class constructor.
  */
 elgg.inherit = function(Child, Parent) {
 	Child.prototype = new Parent();
@@ -250,8 +250,35 @@ elgg.normalize_url = function(url) {
 	url = url || '';
 	elgg.assertTypeOf('string', url);
 
-	// jslint complains if you use /regexp/ shorthand here... ?!?!
-	if ((new RegExp("^(https?:)?//", "i")).test(url)) {
+	validated = (function(url) {
+		url = elgg.parse_url(url);
+		if (url.scheme){
+			url.scheme = url.scheme.toLowerCase();
+		}
+		if (url.scheme == 'http' || url.scheme == 'https') {
+			if (!url.host) {
+				return false;
+			}
+			/* hostname labels may contain only alphanumeric characters, dots and hypens. */
+			if (!(new RegExp("^([a-zA-Z0-9][a-zA-Z0-9\\-\\.]*)$", "i")).test(url.host) || url.host.charAt(-1) == '.') {
+				return false;
+			}
+		}
+		/* some schemas allow the host to be empty */
+		if (!url.scheme || !url.host && url.scheme != 'mailto' && url.scheme != 'news' && url.scheme != 'file') {
+			return false;
+		}
+		return true;
+	})(url);
+
+	// all normal URLs including mailto:
+	if (validated) {		
+		return url;
+	}
+
+	// '//example.com' (Shortcut for protocol.)
+	// '?query=test', #target
+	else if ((new RegExp("^(\\#|\\?|//)", "i")).test(url)) {
 		return url;
 	}
 
@@ -535,7 +562,7 @@ elgg.push_to_object_array = function(object, parent, value) {
 		object[parent] = []
 	}
 
-	if (object[parent].indexOf(value) < 0) {
+	if ($.inArray(value, object[parent]) < 0) {
 		return object[parent].push(value);
 	}
 
@@ -553,7 +580,7 @@ elgg.is_in_object_array = function(object, parent, value) {
 	elgg.assertTypeOf('object', object);
 	elgg.assertTypeOf('string', parent);
 
-	return typeof(object[parent]) != 'undefined' && object[parent].indexOf(value) >= 0;
+	return typeof(object[parent]) != 'undefined' && $.inArray(value, object[parent]) >= 0;
 };
 
 /**
@@ -569,4 +596,4 @@ elgg.initWhenReady = function() {
 		elgg.trigger_hook('init', 'system');
 		elgg.trigger_hook('ready', 'system');
 	}
-};
\ No newline at end of file
+};