. normal link .

Should not allow some protocols in links and images . xss link

xss link

xss link

xss link

xss link .

. xss link

xss link

xss link

xss link .

. xss link .

. xss link .

Should not allow data-uri except some whitelisted mimes . .

. xss link .

. normal link .

Image parser use the same code base as link. . xss link .

Autolinks . <javascript:alert(1)>

javascript:alert(1) .

Linkifier . javascript:alert(1)

javascript:alert(1) .

References . [test]: javascript:alert(1) .

Make sure we decode entities before split: .

test1
test2

.

.