For the rule (?:\bhttp\/(?:0\.9|1\.[01])|<(?:html|meta)\b), any submitted data with the basic pattern...

https <meta

...will trigger a positive result.

Based on the generality of the regex involved, I'm not sure there is a way around this issue, but here's the business use: in Magento, and likely in other Web apps with CMS or CMS apps, there is a field for adding miscellaneous content to the <head>. It is not uncommon for admin users of the GUI to add Google site verification meta or possibly other HTML meta data using this field, along with miscellaneous third-party javascript sources.

Please let me know if more information is needed or if I have missed any requirements necessary for this list.

Ben Marks
Senior Developer, Blue Acorn
Instructor, Magento U