From 0670c0f2be1781a1ef2f5de33eac9deccb95c79e Mon Sep 17 00:00:00 2001
From: naNuke <nukeee@gmail.com>
Date: Sat, 24 Jan 2015 22:37:14 +0100
Subject: [PATCH] Improve safeLinks with whitelist.

---
 Parsedown.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/Parsedown.php b/Parsedown.php
index 37696c8..a6c94f6 100755
--- a/Parsedown.php
+++ b/Parsedown.php
@@ -1244,13 +1244,18 @@ class Parsedown
             $Element['attributes']['title'] = $Definition['title'];
         }
 
-        if ( $this->safeLinksEnabled && stripos($Element['attributes']['href'], 'javascript:') === 0 )
+        if ( $this->safeLinksEnabled && preg_match("/^(\/|https?:\/\/|ftps?:\/\/)/ui", $Element['attributes']['href']) === 0 )
         {
             return;
         }
 
-        $Element['attributes']['href'] = htmlspecialchars($Element['attributes']['href']);
-        $Element['text'] = htmlspecialchars($Element['text']);
+        $Element['attributes']['href'] = htmlspecialchars($Element['attributes']['href'], ENT_QUOTES);
+        $Element['text'] = htmlspecialchars($Element['text'], ENT_QUOTES);
+
+        if ( $Element['attributes']['title'] !== null )
+        {
+            $Element['attributes']['title'] = htmlspecialchars($Element['attributes']['title'], ENT_QUOTES);
+        }
 
         return array(
             'extent' => $extent,