From 07ac8b16c1232c79a31c852b33a433301a4a38eb Mon Sep 17 00:00:00 2001
From: sijanec
Date: Sun, 9 Feb 2020 00:24:43 +0100
Subject: [PATCH] added support for src embedded image, ftp and relative urls

Those can't contain playloads. Reference to the issue #174
---
 lib/default.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/default.js b/lib/default.js
index 1452ed3..317d7a6 100644
--- a/lib/default.js
+++ b/lib/default.js
@@ -159,6 +159,11 @@ function safeAttrValue(tag, name, value, cssFilter) {
 value.substr(0, 8) === "https://" ||
 value.substr(0, 7) === "mailto:" ||
 value.substr(0, 4) === "tel:" ||
+value.substr(0, 4) === "tel:" ||
+value.substr(0, 11) === "data:image/" ||
+value.substr(0, 6) === "ftp://" ||
+value.substr(0, 2) === "./" ||
+value.substr(0, 2) === "../" ||
 value[0] === "#" ||
 value[0] === "/"
 )
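Review bot: `value.substr(0, 2) === "../"` can never be true, because a two-character substring is compared with a three-character literal, so `../foo` links are still rejected despite the commit title; it should read `value.substr(0, 3) === "../"`. The first added line repeats the `tel:` check already present in the context line directly above it and can be dropped. The `data:image/` prefix also admits `data:image/svg+xml`, and an SVG document can carry scripts and event handlers; an `<img src>` does not execute them, but if this branch also governs `href` or embedding elements (the `name` check is outside the hunk), the message's "can't contain payloads" does not hold, so the allow-list should name raster types explicitly. safeAttrValue starts and ends outside the hunk.
```javascript
// … unchanged: http://, https://, mailto:, tel: checks …
value.substr(0, 22) === "data:image/png;base64," ||
value.substr(0, 23) === "data:image/jpeg;base64," ||
value.substr(0, 22) === "data:image/gif;base64," ||
value.substr(0, 6) === "ftp://" ||
value.substr(0, 2) === "./" ||
value.substr(0, 3) === "../" ||
// … unchanged: "#" and "/" checks …
```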