From bd11a52f1ea4de72f2f9e2f121e048bcc693dccb Mon Sep 17 00:00:00 2001
From: elian0211
Date: Wed, 25 Feb 2015 21:27:13 +0800
Subject: [PATCH] update func isSafeLink

---
 inline.go | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/inline.go b/inline.go
index 4715b9e..c18bd91 100644
--- a/inline.go
+++ b/inline.go
@@ -757,15 +757,21 @@ func isEndOfLink(char byte) bool {
 return isspace(char) || char == '<'
 }

-var validUris = [][]byte{[]byte("/"), []byte("./"), []byte("../"), []byte("http://"), []byte("https://"), []byte("ftp://"), []byte("mailto://")}
+var validUris = [][]byte{[]byte("http://"), []byte("https://"), []byte("ftp://"), []byte("mailto://")}
+var validPaths = [][]byte{[]byte("/"), []byte("./"), []byte("../")}

 func isSafeLink(link []byte) bool {
- for index, prefix := range validUris {
- if index <= 2 {
- if len(link) == len(prefix) && bytes.Equal(bytes.ToLower(link[:len(prefix)]), prefix) {
+ for _, path := range validPaths {
+ if len(link) >= len(path) && bytes.Equal(link[:len(path)], path) {
+ if len(link) == len(path) {
+ return true
+ } else if isalnum(link[len(path)]) {
 return true
 }
 }
+ }
+
+ for _, prefix := range validUris {
 // TODO: handle unicode here
 // case-insensitive prefix test
 if len(link) > len(prefix) && bytes.Equal(bytes.ToLower(link[:len(prefix)]), prefix) && isalnum(link[len(prefix)]) {
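Review bot: The `isalnum(link[len(path)])` test in the new `validPaths` loop is the only thing that keeps a scheme-relative link such as `//host` from being accepted under the `/` prefix, and nothing in the code says so. I would add a comment above it, `// next byte must be alphanumeric: keeps "//host" (scheme-relative) from passing as a local path`, so that a later relaxation to admit paths like `/_x` or `../../x` (both still rejected here) does not drop that property by accident. The two branches return the same value and can fold into one condition, `if len(link) == len(path) || isalnum(link[len(path)]) {`. The diffstat shows only inline.go changing, so a table test pinning the accepted and rejected inputs would be worth adding with this change. isSafeLink's body continues past the end of the hunk, and `isalnum` is defined outside it, so its exact character set should be confirmed.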