diff --git a/spec/bristlecode/parser_spec.rb b/spec/bristlecode/parser_spec.rb
index 6fa1fda..dca7b6d 100644
--- a/spec/bristlecode/parser_spec.rb
+++ b/spec/bristlecode/parser_spec.rb
@@ -75,6 +75,14 @@ module Bristlecode
expect(to_html(input)).to eq(output)
end
+ it 'rejects bad url protocols' do
+ input = '[url=javascript:alert(1)]google.com[/url]'
+ expect { to_html(input) }.to raise_error
+
+ input = '[url=ftp://something.com/filez]google.com[/url]'
+ expect { to_html(input) }.to raise_error
+ end
+
it 'allows subtrees in tags' do
input = '[url=http://google.com]this is [b]the[/b] google[/url]'
output = 'this is the google'
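Review bot: Both expectations in the new 'rejects bad url protocols' example use bare `raise_error`, which passes on any exception at all, so a NoMethodError or other unrelated failure inside to_html would satisfy a test that is meant to pin URL scheme filtering. Name the error the parser is expected to raise, e.g. `expect { to_html(input) }.to raise_error(ExpectedParseError)` (ExpectedParseError is a placeholder; the actual class is not visible in this hunk). Because this example is the only check visible here that guards the `[url=...]` value against script-capable schemes, it would also help to split the two inputs into separate examples, so a failure on the first does not hide the second. Adding mixed-case and whitespace-padded scheme inputs would catch a case-sensitive or unanchored scheme match. The enclosing describe block starts and ends outside the hunk.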