deeals protocol-relative URLs are external

gfx · gfx · commit 664e5df69f5f · 2017-05-22T13:51:55.000+09:00
diff --git a/lib/rules/jsx-no-target-blank.js b/lib/rules/jsx-no-target-blank.js
@@ -41,7 +41,7 @@ module.exports = {
               continue;
             }
             if (attr.name.name === 'href') {
-              if (attr.value.type === 'Literal' && !/^\w+:/.test(attr.value.value)) {
+              if (attr.value.type === 'Literal' && !/^(?:\w+:|\/\/)/.test(attr.value.value)) {
                 // it's safe because it is not an external link (i.e. doesn't start with a protocol)
                 return;
               }
diff --git a/tests/lib/rules/jsx-no-target-blank.js b/tests/lib/rules/jsx-no-target-blank.js
@@ -62,6 +62,12 @@ ruleTester.run('jsx-no-target-blank', rule, {
     errors: [{
       message: 'Using target="_blank" without rel="noopener noreferrer" is a security risk:' +
       ' see https://mathiasbynens.github.io/rel-noopener'
-    }]}
-  ]
+    }]
+  }, {
+    code: '<a target="_blank" href="//example.com"></a>',
+    errors: [{
+      message: 'Using target="_blank" without rel="noopener noreferrer" is a security risk:' +
+      ' see https://mathiasbynens.github.io/rel-noopener'
+    }]
+  }]
 });

Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ module.exports = {`
`41`	`41`	`continue;`
`42`	`42`	`}`
`43`	`43`	`if (attr.name.name === 'href') {`
`44`		`- if (attr.value.type === 'Literal' && !/^\w+:/.test(attr.value.value)) {`
	`44`	`+ if (attr.value.type === 'Literal' && !/^(?:\w+:\|\/\/)/.test(attr.value.value)) {`
`45`	`45`	`// it's safe because it is not an external link (i.e. doesn't start with a protocol)`
`46`	`46`	`return;`
`47`	`47`	`}`