summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--it_html.class4
-rwxr-xr-xtest/it_html.t2
2 files changed, 1 insertions, 5 deletions
diff --git a/it_html.class b/it_html.class
index 5175f2d..913d018 100644
--- a/it_html.class
+++ b/it_html.class
@@ -516,11 +516,9 @@ static function U(...$args)
($u['host'] ? $u['host'] : "") .
($u['port'] ? ":" . intval($u['port']) : "");
+ # Remove unsupported javascript: scheme as it leads to security problems
if (it::match('javascript', $u['scheme']))
- {
- it::error(['title' => "Invalid URL scheme javascript", 'body' => ['args' => $args, 'u' => $u]]); # FIXME CS 2022-03-01 Remove warning on javascript urls
$u['scheme'] = '';
- }
$schemepart = $hostpart ? ($u['scheme'] ? $u['scheme'] . ":" : "") . "//$hostpart" : ($u['scheme'] == "mailto" ? $u['scheme'] . ":" : "");
diff --git a/test/it_html.t b/test/it_html.t
index a387781..aa734c0 100755
--- a/test/it_html.t
+++ b/test/it_html.t
@@ -253,10 +253,8 @@ is(
'empty tags removal'
);
-$GLOBALS['ULTRANOERRORS'] = true; # FIXME CS 2022-03-01 Remove this after U() does include it::error for javascript urls any more
foreach (json_decode(it::file_get_contents(dirname($argv[0]) . '/U_tests.json'), true) as $test)
is(U(...$test['args']), $test['exp'], $test['name']);
-$GLOBALS['ULTRANOERRORS'] = false;
is(it_html::entity_decode("ä"), "รค");
is(it_html::entity_decode("J"), "J");