-rw-r--r-- | it_html.class | 4 | ||||
-rw-r--r-- | test/U_tests.json | 12 |
2 files changed, 16 insertions, 0 deletions
diff --git a/it_html.class b/it_html.class
index 6f4bc91..424559c 100644
--- a/it_html.class
+++ b/it_html.class
@@ -527,6 +527,10 @@ static function U(/* ... */)
 $schemepart = $hostpart ? ($u['scheme'] ? $u['scheme'] . ":" : "") . "//$hostpart" : ($u['scheme'] == "mailto" ? $u['scheme'] . ":" : "");
+ # remove strings that will be interpreted as scheme from path
+ if (!$schemepart && !$hostpart)
+ $u['path'] = preg_replace('|^([^/]*:)+|', '', $u['path']);
+ # sanitize path and fragment
 $u['path'] = preg_replace('|\\\\|', '/', $u['path']); # turn \ to /
 foreach (['path', 'query', 'fragment'] as $key)
diff --git a/test/U_tests.json b/test/U_tests.json
index e35ff9d..0025565 100644
--- a/test/U_tests.json
+++ b/test/U_tests.json
@@ -207,5 +207,17 @@
 "args": ["/foo.html", {"<spam>": {"<spam>": "ham"}}],
 "exp": "/foo.html?%3Cspam%3E%5B%3Cspam%3E%5D=ham",
 "name": "U() urlencode keys of nested structures"
+ },
+
+ {
+ "args": ["a:javascript:alert('fail');"],
+ "exp": "alert(%27fail%27)%3B",
+ "name": "U() remove schema from path"
+ },
+
+ {
+ "args": ["a:b:c:d:javascript:alert('fail');"],
+ "exp": "alert(%27fail%27)%3B",
+ "name": "U() remove multiple schemes from path"
 }
 ]
|
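Review bot: The new guard deletes every leading `segment:` from the path, which silently rewrites legitimate relative references such as `foo:bar/baz` to `bar/baz` and only protects as far as `'|^([^/]*:)+|'` anticipates what a browser will accept as a scheme. RFC 3986 §4.2 covers exactly this case by requiring a dot-segment in front of a first path segment that contains a colon, so prefixing is lossless and does not depend on pattern coverage: `if (!$schemepart && !$hostpart && preg_match('|^[^/]*:|', $u['path'])) $u['path'] = './' . $u['path'];` (the two new U_tests.json expectations would change accordingly). If the deletion is kept, wrap the brace-less two-line `if` body in braces and add a comment such as `# a colon in the first segment would be parsed as a scheme by the browser; the encoding loop below leaves ':' intact` — whether that last part is true is not visible in this hunk and should be confirmed against the encoder. The enclosing function U() starts and ends outside the hunk.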
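Review bot: The two new cases only exercise the stripping branch, and only with a lower-case `javascript:` payload; nothing pins that the `!$schemepart && !$hostpart` guard still leaves a `mailto:` argument whose path contains a colon untouched, or documents what U() is meant to return for a plain relative segment with a colon, so a regression in either direction would pass unnoticed. Adding one case of each — e.g. `"args": ["foo:bar/baz"]` with whatever result the project intends for it — would make the guard's contract explicit in the fixture. The first new `name` says `schema` while the second says `schemes`; `scheme` is the URL term and should be used in both.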