GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

Only allow our specified URI schemes

Browse Source
This commit is contained in:
Mikael Nordfeldth
2016-02-03 14:31:16 +01:00
parent e903bd0bc3
commit 349dba8be0
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/util.php
View File

@@ -581,6 +581,7 @@ function common_purify($html)
$cfg = HTMLPurifier_Config::createDefault();
$cfg->set('HTML.ForbiddenAttributes', array('style')); // id, on* etc. are already filtered by default
$cfg->set('URI.AllowedSchemes', array_fill_keys(common_url_schemes(), true));
// Remove more elements than what the default filter removes, default in GNU social are remotely
// linked resources such as img, video, audio