From b35ced8c9e8ca8c0004ab8187e0c1ab771b08be7 Mon Sep 17 00:00:00 2001
From: Rob Wu
Date: Wed, 22 Jan 2014 12:39:42 +0100
Subject: [PATCH] RFC 3986-compliant isValidUrl (protocol parsing)

To avoid misinterpreting URLs like "/File:wikipedia.png" as a non-relative URLs.
---
 src/shared/util.js | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/shared/util.js b/src/shared/util.js
index 51fd42bee..312445565 100644
--- a/src/shared/util.js
+++ b/src/shared/util.js
@@ -223,7 +223,7 @@ var UnsupportedManager = PDFJS.UnsupportedManager =
 function combineUrl(baseUrl, url) {
 if (!url)
 return baseUrl;
- if (url.indexOf(':') >= 0)
+ if (/^[a-z][a-z0-9+\-.]*:/i.test(url))
 return url;
 if (url.charAt(0) == '/') {
 // absolute path
@@ -247,11 +247,13 @@ function isValidUrl(url, allowRelative) {
 if (!url) {
 return false;
 }
- var colon = url.indexOf(':');
- if (colon < 0) {
+ // RFC 3986 (http://tools.ietf.org/html/rfc3986#section-3.1)
+ // scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
+ var protocol = /^[a-z][a-z0-9+\-.]*(?=:)/i.exec(url);
+ if (!protocol) {
 return allowRelative;
 }
- var protocol = url.substr(0, colon);
+ protocol = protocol[0].toLowerCase();
 switch (protocol) {
 case 'http':
 case 'https':
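Review bot: The scheme pattern in combineUrl is a second, slightly different copy of the one added to isValidUrl (`:` consumed here, `(?=:)` lookahead there), so a later fix to one can leave the two functions disagreeing about what counts as an absolute URL. Hoisting it to one shared expression, for example `var SCHEME_RE = /^[a-z][a-z0-9+\-.]*(?=:)/i;`, and calling `SCHEME_RE.test(url)` here keeps them in step. The RFC 3986 section 3.1 comment that the commit adds in isValidUrl belongs at that shared definition. combineUrl's body continues outside the hunk.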
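Review bot: With `allowRelative` true, the `if (!protocol)` branch now accepts any string that does not begin with a well-formed scheme, including one whose first path segment still contains a colon (for example after leading whitespace or with a control character inside the scheme name). The old code sent every colon-containing string into the `switch`; browsers tend to be lenient about such characters when resolving a link, so the validator and the consumer can end up disagreeing about the scheme. RFC 3986 section 4.2 says the first segment of a relative-path reference cannot contain a colon, so the branch could be `return allowRelative && !/^[^\/?#]*:/.test(url);`, which still accepts "/File:wikipedia.png". The rest of the `switch`, including its default case, is outside the hunk, and how callers use the result is not visible here.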