Closed Crozzers closed 1 year ago
@Crozzers wanted to check with you on this before I merge and release. Do you think this PR is done and ready to go?
In message @.***>, Nicholas Serra writes:
@Crozzers wanted to check with you on this before I merge and release. Do you think this PR is done and ready to go?
I would say yes, it's good to go. It fixes my initial use case.
My employers don't acknowledge my existence much less my opinions.
Yep, good to go
This PR fixes #517 by expanding the scope of the
_safe_href
regex to include more types of relative links.Previously, #513 was merged which allowed the following kinds of relative links:
But did not allow this:
[link](issue1)
The new regex should allow URLs to omit the protocol section of the URL or use relative paths instead of a protocol (eg:
./
,../
,/
) followed by a hostname, optional port number and then the rest of the URL.I've also expanded the number of accepted protocols to include
mailto:
andtel:
.Also, the
_safe_protocols
attribute has been re-introduced to allow users to extend the number of allowed protocols when operating in safe mode (see this comment).