diff options
-rw-r--r-- | it_html.class | 4 | ||||
-rwxr-xr-x | test/it_html.t | 2 |
2 files changed, 1 insertions, 5 deletions
diff --git a/it_html.class b/it_html.class index 5175f2d..913d018 100644 --- a/it_html.class +++ b/it_html.class @@ -516,11 +516,9 @@ static function U(...$args) ($u['host'] ? $u['host'] : "") . ($u['port'] ? ":" . intval($u['port']) : ""); + # Remove unsupported javascript: scheme as it leads to security problems if (it::match('javascript', $u['scheme'])) - { - it::error(['title' => "Invalid URL scheme javascript", 'body' => ['args' => $args, 'u' => $u]]); # FIXME CS 2022-03-01 Remove warning on javascript urls $u['scheme'] = ''; - } $schemepart = $hostpart ? ($u['scheme'] ? $u['scheme'] . ":" : "") . "//$hostpart" : ($u['scheme'] == "mailto" ? $u['scheme'] . ":" : ""); diff --git a/test/it_html.t b/test/it_html.t index a387781..aa734c0 100755 --- a/test/it_html.t +++ b/test/it_html.t @@ -253,10 +253,8 @@ is( 'empty tags removal' ); -$GLOBALS['ULTRANOERRORS'] = true; # FIXME CS 2022-03-01 Remove this after U() does include it::error for javascript urls any more foreach (json_decode(it::file_get_contents(dirname($argv[0]) . '/U_tests.json'), true) as $test) is(U(...$test['args']), $test['exp'], $test['name']); -$GLOBALS['ULTRANOERRORS'] = false; is(it_html::entity_decode("ä"), "รค"); is(it_html::entity_decode("J"), "J"); |