From 98e665cdae5fd5d8068da4d80c73a7c25b065703 Mon Sep 17 00:00:00 2001
From: weyusi
Date: Mon, 8 Jul 2019 17:46:12 +0930
Subject: [PATCH 1/3] chore(deps): update marked to ^0.7.0
---
 README.md | 4 ----
 index.js | 2 --
 package.json | 2 +-
 3 files changed, 1 insertion(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 9c830dc..ab81e6f 100644
--- a/README.md
+++ b/README.md
@@ -23,8 +23,6 @@ You can configure this plugin in `_config.yml`.
 marked:
 gfm: true
 pedantic: false
- sanitize: false
- tables: true
 breaks: true
 smartLists: true
 smartypants: true
@@ -34,8 +32,6 @@ marked:
 - **gfm** - Enables [GitHub flavored markdown](https://help.github.com/articles/github-flavored-markdown)
 - **pedantic** - Conform to obscure parts of `markdown.pl` as much as possible. Don't fix any of the original markdown bugs or poor behavior.
-- **sanitize** - Sanitize the output. Ignore any HTML that has been input.
-- **tables** - Enable GFM [tables](https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet#wiki-tables). This option requires the `gfm` option to be true.
 - **breaks** - Enable GFM [line breaks](https://help.github.com/articles/github-flavored-markdown#newlines). This option requires the `gfm` option to be true.
 - **smartLists** - Use smarter list behavior than the original markdown.
 - **smartypants** - Use "smart" typograhic punctuation for things like quotes and dashes.
diff --git a/index.js b/index.js
index 8e87855..8a071cc 100644
--- a/index.js
+++ b/index.js
@@ -7,8 +7,6 @@ var renderer = require('./lib/renderer');
 hexo.config.marked = Object.assign({
 gfm: true,
 pedantic: false,
- sanitize: false,
- tables: true,
 breaks: true,
 smartLists: true,
 smartypants: true,
diff --git a/package.json b/package.json
index bfd0fb6..c2e3500 100644
--- a/package.json
+++ b/package.json
@@ -29,7 +29,7 @@
 "license": "MIT",
 "dependencies": {
 "hexo-util": "^0.6.3",
- "marked": "^0.6.2",
+ "marked": "^0.7.0",
 "strip-indent": "^3.0.0"
 },
 "devDependencies": {
From 28ce9bf73ce112ebd4c53cfc4ef95c72a848426d Mon Sep 17 00:00:00 2001
From: weyusi
Date: Mon, 8 Jul 2019 17:59:06 +0930
Subject: [PATCH 2/3] refactor: remove unused 'sanitize' option
---
 lib/renderer.js | 16 ----------------
 1 file changed, 16 deletions(-)
diff --git a/lib/renderer.js b/lib/renderer.js
index 869357c..8fbe944 100644
--- a/lib/renderer.js
+++ b/lib/renderer.js
@@ -35,22 +35,6 @@ function anchorId(str, transformOption) {
 // Support AutoLink option
 Renderer.prototype.link = function(href, title, text) {
- if (this.options.sanitize) {
- let prot;
-
- try {
- prot = decodeURIComponent(unescape(href))
- .replace(/[^\w:]/g, '')
- .toLowerCase();
- } catch (e) {
- return '';
- }
-
- if (prot.startsWith('javascript:') || prot.startsWith('vbscript:') || prot.startsWith('data:')) {
- return '';
- }
- }
-
 if (!this.options.autolink && href === text && title == null) {
 return href;
 }
From ce94875b4e77e14b04cfca90ab66d40f324772ae Mon Sep 17 00:00:00 2001
From: weyusi
Date: Fri, 12 Jul 2019 11:57:24 +0930
Subject: [PATCH 3/3] feat: restore plugin sanitize function, rename to sanitizeUrl
---
 README.md | 2 ++
 index.js | 3 ++-
 lib/renderer.js | 16 ++++++++++++++++
 3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index ab81e6f..872589e 100644
--- a/README.md
+++ b/README.md
@@ -28,6 +28,7 @@ marked:
 smartypants: true
 modifyAnchors: ''
 autolink: true
+ sanitizeUrl: false
 ```
 - **gfm** - Enables [GitHub flavored markdown](https://help.github.com/articles/github-flavored-markdown)
@@ -37,6 +38,7 @@ marked:
 - **smartypants** - Use "smart" typograhic punctuation for things like quotes and dashes.
 - **modifyAnchors** - Use for transform anchorIds. if `1` to lowerCase and if `2` to upperCase. **Must be integer**.
 - **autolink** - Enable autolink for URLs. E.g. `https://hexo.io` will become `https://hexo.io`.
+- **sanitizeUrl** - Remove URLs that start with `javascript:`, `vbscript:` and `data:`.
 ## Extras
diff --git a/index.js b/index.js
index 8a071cc..66505fe 100644
--- a/index.js
+++ b/index.js
@@ -11,7 +11,8 @@ hexo.config.marked = Object.assign({
 smartLists: true,
 smartypants: true,
 modifyAnchors: '',
- autolink: true
+ autolink: true,
+ sanitizeUrl: false
 }, hexo.config.marked);
 hexo.extend.renderer.register('md', 'html', renderer, true);
diff --git a/lib/renderer.js b/lib/renderer.js
index 8fbe944..4fb2397 100644
--- a/lib/renderer.js
+++ b/lib/renderer.js
@@ -35,6 +35,22 @@ function anchorId(str, transformOption) {
 // Support AutoLink option
 Renderer.prototype.link = function(href, title, text) {
+ if (this.options.sanitizeUrl) {
+ let prot;
+
+ try {
+ prot = decodeURIComponent(unescape(href))
+ .replace(/[^\w:]/g, '')
+ .toLowerCase();
+ } catch (e) {
+ return '';
+ }
+
+ if (prot.startsWith('javascript:') || prot.startsWith('vbscript:') || prot.startsWith('data:')) {
+ return '';
+ }
+ }
+
 if (!this.options.autolink && href === text && title == null) {
 return href;
 }
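Review bot: The new `sanitizeUrl: false` entry in the `Object.assign` defaults makes the scheme filter opt-in, and nothing next to it says so. A site that renders Markdown from contributors it does not fully trust gets no link filtering unless it sets the option itself. I would add a comment on that line, for example `// opt-in: set to true when Markdown comes from untrusted authors`, or reconsider whether the default should be `true`.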
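Review bot: The added `sanitizeUrl` branch in `Renderer.prototype.link` normalises `href` with `decodeURIComponent(unescape(href))`, but `unescape` is not defined anywhere in this hunk. If it resolves to the deprecated global, only percent-escapes are decoded, so a scheme written with HTML character references would presumably reach the `startsWith` tests un-normalised and pass them. I would decode character references before the comparison and add a comment above the branch such as `// Blocklist only: drops javascript:, vbscript: and data: links; every other scheme passes through`. The filter sits in the link renderer alone, so whether image URLs get the same treatment cannot be told from here. The function body continues past the end of the hunk.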