From 8a48612de2e926709e084af3ab114f1aa3dcef87 Mon Sep 17 00:00:00 2001
From: ansuz
Date: Tue, 7 Mar 2017 14:40:06 +0100
Subject: [PATCH] add some notes for later
---
 www/pad/main.js | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/www/pad/main.js b/www/pad/main.js
index 4e04c8c2e..9c0cb6b7d 100644
--- a/www/pad/main.js
+++ b/www/pad/main.js
@@ -164,6 +164,16 @@ define([
 send scripts over the wire.
 */
 if (['addAttribute', 'modifyAttribute'].indexOf(info.diff.action) !== -1) {
+ if (info.diff.name === 'href') {
+ // console.log(info.diff);
+ var href = info.diff.newValue;
+
+ // TODO normalize HTML entities
+ if (/javascript *: */.test(info.diff.newValue)) {
+ // TODO remove javascript: links
+ }
+ }
+
+ if (/^on/.test(info.diff.name)) {
 console.log("Rejecting forbidden element attribute with name (%s)", info.diff.name);
 return true;
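Review bot: The new `href` branch never rejects anything: the body of `if (/javascript *: */.test(info.diff.newValue))` holds only a TODO and `var href` is assigned but never read, so a `javascript:` link arriving in a diff is still applied while the code reads as if it were filtered. Until the normalisation TODO is done, the branch should at least fail closed the way the `/^on/` check after it does, for example `if (/^\s*javascript\s*:/i.test(href)) { console.log("Rejecting forbidden href (%s)", href); return true; }`. The committed pattern is case-sensitive and runs on the raw value before entity decoding, which is the gap the first TODO already names, so an allowlist of accepted schemes applied to the decoded value would be more robust than a blocklist; other URL-carrying attributes such as `src` are not covered by this check either. The enclosing handler starts and ends outside the hunk, so the meaning of `return true` is inferred from the `/^on/` branch.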