2 files changed, 14 insertions, 6 deletions

diff --git a/src/compiler.rs b/src/compiler.rs
index 9bc2488..4359942 100644
--- a/src/compiler.rs
+++ b/src/compiler.rs
@@ -1,4 +1,5 @@
 //! Turn events into a string of HTML.
+use crate::constant::SAFE_PROTOCOL_HREF;
 use crate::construct::character_reference::Kind as CharacterReferenceKind;
 use crate::tokenizer::{Code, Event, EventType, TokenType};
 use crate::util::{
@@ -125,14 +126,9 @@ pub fn compile(events: &[Event], codes: &[Code], options: &Options) -> String {
     let protocol_href = if options.allow_dangerous_protocol {
         None
     } else {
-        Some(vec!["http", "https", "irc", "ircs", "mailto", "xmpp"])
+        Some(SAFE_PROTOCOL_HREF.to_vec())
     };
     let mut line_ending_inferred: Option<LineEnding> = None;
-    // let protocol_src = if options.allow_dangerous_protocol {
-    //     None
-    // } else {
-    //     Some(vec!["http", "https"])
-    // };
 
     // let mut slurp_all_line_endings = false;
     while index < events.len() {
diff --git a/src/constant.rs b/src/constant.rs
index 9c861be..6ba1638 100644
--- a/src/constant.rs
+++ b/src/constant.rs
@@ -193,6 +193,18 @@ pub const HTML_RAW_SIZE_MAX: usize = 8;
 /// To safeguard performance, labels are capped at a large number: `999`.
 pub const LINK_REFERENCE_SIZE_MAX: usize = 999;
 
+/// List of protocols allowed, when operating safely, as `href` on `a`.
+///
+/// This list is based on what is allowed by GitHub.
+pub const SAFE_PROTOCOL_HREF: [&str; 6] = ["http", "https", "irc", "ircs", "mailto", "xmpp"];
+
+/// List of protocols allowed, when operating safely, as `src` on `img`.
+///
+/// This list is based on what is allowed by GitHub.
+// To do: image.
+#[allow(dead_code)]
+pub const SAFE_PROTOCOL_SRC: [&str; 2] = ["http", "https"];
+
 /// The number of characters that form a tab stop.
 ///
 /// This relates to the number of whitespace characters needed to form certain