<?xml version="1.0" encoding="iso-8859-1"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title>contains_bad_protocols? (HTML::WhiteListSanitizer)</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <link rel="stylesheet" href="../../.././rdoc-style.css" type="text/css" media="screen" /> </head> <body class="standalone-code"> <pre><span class="ruby-comment cmt"># File lib/action_controller/vendor/html-scanner/html/sanitizer.rb, line 168</span> <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">contains_bad_protocols?</span>(<span class="ruby-identifier">attr_name</span>, <span class="ruby-identifier">value</span>) <span class="ruby-identifier">uri_attributes</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">attr_name</span>) <span class="ruby-operator">&&</span> (<span class="ruby-identifier">value</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp re">/(^[^\/:]*):|(&#0*58)|(&#x70)|(%|&#37;)3A/</span> <span class="ruby-operator">&&</span> <span class="ruby-operator">!</span><span class="ruby-identifier">allowed_protocols</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">value</span>.<span class="ruby-identifier">split</span>(<span class="ruby-identifier">protocol_separator</span>).<span class="ruby-identifier">first</span>)) <span class="ruby-keyword kw">end</span></pre> </body> </html>