contains_bad_protocols?

# File actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb, line 171
    def contains_bad_protocols?(attr_name, value)
      uri_attributes.include?(attr_name) &&
      (value =~ /(^[^\/:]*):|(&#0*58)|(&#x70)|(%|%)3A/ && !allowed_protocols.include?(value.split(protocol_separator).first.downcase))
    end