diff --git a/source/Ox/js/HTML.js b/source/Ox/js/HTML.js
index ebb2834d..136a4135 100644
--- a/source/Ox/js/HTML.js
+++ b/source/Ox/js/HTML.js
@@ -49,7 +49,7 @@
tag: {
a: [
[
- /]*?href="((https?:\/\/|\/).+?)".*?>/gi,
+ /]*?href="((https?:\/\/|mailto:|\/).+?)".*?>/gi,
'',
],
[
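Review bot: The href scheme allowlist `(https?:\/\/|mailto:|\/)` is now written out twice, here in the `a` tag pattern and again in the `[]` wikilink pattern inside `Ox.sanitizeHTML` (third hunk), so the two copies can drift apart the next time a scheme is added. Since this alternation is what decides which link targets survive sanitizing, it would be safer to define it once and build both expressions from it, with a comment such as `// only these href prefixes are kept; everything else is entity-encoded`. Separately, the `\/` alternative also accepts values beginning with `//`, which browsers resolve as a link to another host; if only same-site paths are intended, that branch needs a check that the second character is not `/`. The `tag.a` array continues outside the hunk.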
@@ -333,12 +333,16 @@
Ox.sanitizeHTML Takes untrusted HTML and returns something trustworthy
> Ox.sanitizeHTML('http://foo.com, bar')
'http://foo.com, bar'
- > Ox.sanitizeHTML('http://foo.com/foobar?foo, bar')
- 'http://foo.com/foobar?foo, bar'
+ > Ox.sanitizeHTML('http://foo.com/foo?bar, bar')
+ 'http://foo.com/foo?bar, bar'
> Ox.sanitizeHTML('(see: www.foo.com)')
'(see: www.foo.com)'
> Ox.sanitizeHTML('foo@bar.com')
'foo@bar.com'
+ > Ox.sanitizeHTML('foo')
+ 'foo'
+ > Ox.sanitizeHTML('foo')
+ 'foo'
> Ox.sanitizeHTML('foo')
'foo'
> Ox.sanitizeHTML('foo')
@@ -356,68 +360,33 @@
> Ox.sanitizeHTML('foo')
'foo'
@*/
- Ox.sanitizeHTML = (function() {
- var defaultTags = [
- // inline formatting
- 'b', 'code', 'i', 's', 'sub', 'sup', 'u',
- // block formatting
- 'blockquote', 'h1', 'h2', 'h3', 'p', 'pre',
- // lists
- 'li', 'ol', 'ul',
- // tables
- 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr',
- // other
- 'a', 'br', 'img',
- // special
- 'rtl', '[]'
- ],
- parse = {
- a: {
- ']*?href="((https?:\/\/|\/).+?)".*?>': '',
- '<\/a>': ''
- },
- img: {
- ']*?src="((https?:\/\/|\/).+?)".*?>': ''
- },
- rtl: {
- '': '',
- '<\/rtl>': '
'
- },
- '*': function(tag) {
- var ret = {};
- ret['<(/?' + tag + ') ?/?>'] = '<{1}>';
- return ret;
- }
- },
- tab = '\t';
- return function(html, tags, wikilinks) {
- var matches = [];
- tags = tags || defaultTags;
- // html = Ox.clean(html); fixme: can this be a parameter?
- if (tags.indexOf('[]') > -1) {
- html = html.replace(/\[((https?:\/\/|\/).+?) (.+?)\]/gi, '$3');
- tags = tags.filter(function(tag) {
- return tag != '[]';
- });
- }
- tags.forEach(function(tag) {
- var array = replace.tag[tag] || replace.tag['*'](tag);
- Ox.forEach(array, function(value) {
- html = html.replace(value[0], function() {
- matches.push(Ox.formatString(value[1], arguments));
- return salt.join(matches.length - 1);
- });
+ Ox.sanitizeHTML = function(html, tags) {
+ var matches = [];
+ tags = tags || defaultTags;
+ // html = Ox.clean(html); fixme: can this be a parameter?
+ if (tags.indexOf('[]') > -1) {
+ html = html.replace(/\[((https?:\/\/|mailto:|\/).+?) (.+?)\]/gi, '$3');
+ tags = tags.filter(function(tag) {
+ return tag != '[]';
+ });
+ }
+ tags.forEach(function(tag) {
+ var array = replace.tag[tag] || replace.tag['*'](tag);
+ Ox.forEach(array, function(value) {
+ html = html.replace(value[0], function() {
+ matches.push(Ox.formatString(value[1], arguments));
+ return salt.join(matches.length - 1);
});
});
- html = Ox.addLinks(Ox.encodeHTMLEntities(html), true);
- matches.forEach(function(match, i) {
- html = html.replace(new RegExp(salt.join(i)), match);
- });
- html = html.replace(/\n\n/g, '
');
- // Close extra opening and remove extra closing tags.
- // Note: this converts ''' to "'" and '"' to '"'
- return Ox.normalizeHTML(html);
- };
- }());
+ });
+ html = Ox.addLinks(Ox.encodeHTMLEntities(html), true);
+ matches.forEach(function(match, i) {
+ html = html.replace(new RegExp(salt.join(i)), match);
+ });
+ html = html.replace(/\n\n/g, '
');
+ // Close extra opening and remove extra closing tags.
+ // Note: this converts ''' to "'" and '"' to '"'
+ return Ox.normalizeHTML(html);
+ };
}());
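Review bot: In the restore loop, `html.replace(new RegExp(salt.join(i)), match)` passes each saved tag as a replacement string, so a `$&`, `$1` or similar sequence inside a matched href is expanded by `String.prototype.replace` instead of being emitted literally. The saved strings are built from the untrusted input and are put back after `Ox.encodeHTMLEntities` has run, so the restore should be literal: `html = html.replace(new RegExp(salt.join(i)), function() { return match; });`. The loop is carried over unchanged from the removed version. `salt`, `replace` and `defaultTags` are defined outside this hunk, so whether `salt` needs escaping before it goes into `new RegExp` cannot be judged from here.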