From 680d60d6a46e3964d93e07287b2dc2770686be7c Mon Sep 17 00:00:00 2001
From: zerol <zerolfx0@gmail.com>
Date: Sun, 23 Apr 2017 23:45:06 +0800
Subject: [PATCH] fix: xss_filter relative path

---
 utils/xss_filter.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/utils/xss_filter.py b/utils/xss_filter.py
index 90c17cfa..0f579d9e 100644
--- a/utils/xss_filter.py
+++ b/utils/xss_filter.py
@@ -41,7 +41,7 @@ class XssHtml(HTMLParser):
         "table": ["border", "cellpadding", "cellspacing"],
     }
 
-    _regex_url = re.compile(r'^(http|https|ftp)://.*', re.I | re.S)
+    _regex_url = re.compile(r'^(((http|https|ftp)://)|/).*', re.I | re.S)
     _regex_style_1 = re.compile(r'(\\|&#|/\*|\*/)', re.I)
     _regex_style_2 = re.compile(r'e.*x.*p.*r.*e.*s.*s.*i.*o.*n', re.I | re.S)
 
@@ -192,6 +192,7 @@ def _htmlspecialchars(self, html):
         <a href='javascript:prompt(1)'><br />hehe</a></div>
         <p id="test" onmouseover="alert(1)" style="expresSion(alert(1))">&gt;M<svg>
         <a href="https://www.baidu.com" target="self">MM</a></p>
-        <embed src='javascript:alert(/hehe/)' allowscriptaccess=always />""")
+        <embed src='javascript:alert(/hehe/)' allowscriptaccess=always />
+        <a href="/problem/">Problems</a>""")
     parser.close()
-    print(parser.getHtml())
\ No newline at end of file
+    print(parser.getHtml())