From f6e1a61366d272c987b8164109cad50232f73b57 Mon Sep 17 00:00:00 2001
From: Jordan Orelli <jordanorelli@gmail.com>
Date: Thu, 5 Nov 2015 19:25:55 -0500
Subject: [PATCH] protocol tests

---
 spec/bristlecode/parser_spec.rb | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/spec/bristlecode/parser_spec.rb b/spec/bristlecode/parser_spec.rb
index 6fa1fda..dca7b6d 100644
--- a/spec/bristlecode/parser_spec.rb
+++ b/spec/bristlecode/parser_spec.rb
@@ -75,6 +75,14 @@ module Bristlecode
       expect(to_html(input)).to eq(output)
     end
 
+    it 'rejects bad url protocols' do
+      input = '[url=javascript:alert(1)]google.com[/url]'
+      expect { to_html(input) }.to raise_error
+
+      input = '[url=ftp://something.com/filez]google.com[/url]'
+      expect { to_html(input) }.to raise_error
+    end
+
     it 'allows subtrees in <a> tags' do
       input = '[url=http://google.com]this is [b]the[/b] google[/url]'
       output = '<a href="http://google.com" rel="nofollow">this is <b>the</b> google</a>'