diff options
| author | Christian Schneider | 2022-04-07 12:00:26 +0200 |
|---|---|---|
| committer | Christian Schneider | 2022-04-07 12:00:26 +0200 |
| commit | 183892d556e3fb6c389f24490531629afef1859a (patch) | |
| tree | 3fc4bdba9c4a4e8f6f8560db9f7f7cae561db0cf | |
| parent | 4bc22c716706b8b7c6501385de3f34d8b835465a (diff) | |
| download | itools-183892d556e3fb6c389f24490531629afef1859a.tar.gz itools-183892d556e3fb6c389f24490531629afef1859a.tar.bz2 itools-183892d556e3fb6c389f24490531629afef1859a.zip | |
No regular use of javascript: found, remove warning and silently strip it
| -rw-r--r-- | it_html.class | 4 | ||||
| -rwxr-xr-x | test/it_html.t | 2 |
2 files changed, 1 insertions, 5 deletions
diff --git a/it_html.class b/it_html.class index 5175f2d..913d018 100644 --- a/it_html.class +++ b/it_html.class @@ -516,11 +516,9 @@ static function U(...$args) ($u['host'] ? $u['host'] : "") . ($u['port'] ? ":" . intval($u['port']) : ""); + # Remove unsupported javascript: scheme as it leads to security problems if (it::match('javascript', $u['scheme'])) - { - it::error(['title' => "Invalid URL scheme javascript", 'body' => ['args' => $args, 'u' => $u]]); # FIXME CS 2022-03-01 Remove warning on javascript urls $u['scheme'] = ''; - } $schemepart = $hostpart ? ($u['scheme'] ? $u['scheme'] . ":" : "") . "//$hostpart" : ($u['scheme'] == "mailto" ? $u['scheme'] . ":" : ""); diff --git a/test/it_html.t b/test/it_html.t index a387781..aa734c0 100755 --- a/test/it_html.t +++ b/test/it_html.t @@ -253,10 +253,8 @@ is( 'empty tags removal' ); -$GLOBALS['ULTRANOERRORS'] = true; # FIXME CS 2022-03-01 Remove this after U() does include it::error for javascript urls any more foreach (json_decode(it::file_get_contents(dirname($argv[0]) . '/U_tests.json'), true) as $test) is(U(...$test['args']), $test['exp'], $test['name']); -$GLOBALS['ULTRANOERRORS'] = false; is(it_html::entity_decode("ä"), "รค"); is(it_html::entity_decode("J"), "J"); |