lib/sanitize.rb in sanitize-3.0.3 vs lib/sanitize.rb in sanitize-3.0.4
- old
+ new
@@ -22,10 +22,10 @@
# Matches an attribute value that could be treated by a browser as a URL
# with a protocol prefix, such as "http:" or "javascript:". Any string of zero
# or more characters followed by a colon is considered a match, even if the
# colon is encoded as an entity and even if it's an incomplete entity (which
# IE6 and Opera will still parse).
- REGEX_PROTOCOL = /\A([^\/#]*?)(?:\:|�*58|�*3a)/i
+ REGEX_PROTOCOL = /\A\s*([^\/#]*?)(?:\:|�*58|�*3a)/i
# Matches Unicode characters that should be stripped from HTML before passing
# it to the parser.
#
# http://www.w3.org/TR/unicode-xml/#Charlist
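Review bot: The comment above `REGEX_PROTOCOL` still describes the old pattern: with the added `\s*`, leading whitespace is consumed before capture group 1 and is no longer part of the captured protocol, so the comment should say so, e.g. `# Leading whitespace is skipped and is not included in the captured protocol name.` The code that consumes the capture is outside this hunk; if it compares group 1 against a protocol allowlist, whitespace-prefixed values are now accepted or rejected purely on the protocol that follows, so a regression test covering both an allowed and a disallowed protocol with leading whitespace would pin the intended behavior. Ruby's `\s` matches only space, tab, newline, vertical tab, form feed and carriage return, so any other leading control character stays inside the capture; that presumably fails closed against an allowlist, but it is worth confirming in the caller.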