From 8197be3061db8bd2f57910fa30d6adf34b04e824 Mon Sep 17 00:00:00 2001
From: Christian Schneider
Date: Tue, 8 Sep 2009 15:26:56 +0000
Subject: Use U() to sanitize URLs in it_html::sanitize and adapted test cases
 to it

---
 it_html.class | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'it_html.class')

diff --git a/it_html.class b/it_html.class
index 039f649..2175dd3 100644
--- a/it_html.class
+++ b/it_html.class
@@ -395,13 +395,13 @@ function sanitize($html)
 	{
 		# Link tags, keeps only href attribute
 		list($head, $href, $content, $tail) = $tag;
-		$result .= it_html::sanitize($head) . '<a href="' . it_html::Q(html_entity_decode($href), ENT_COMPAT, $charset) . '">' . it_html::sanitize($content) . "</a>" . it_html::sanitize($tail);
+		$result .= it_html::sanitize($head) . '<a href="' . it_html::Q(it_html::U(html_entity_decode($href, ENT_COMPAT, $charset))) . '">' . it_html::sanitize($content) . "</a>" . it_html::sanitize($tail);
 	}
 	else if ($tag = it::match('(.*)<img\b[^>]+?src="(' . $urlpattern . ')"[^>]*?>(.*)', $html))
 	{
 		# Image tags, keeps only src attribute
 		list($head, $src, $tail) = $tag;
-		$result .= it_html::sanitize($head) . '<img src="' . it_html::Q(html_entity_decode($src, ENT_COMPAT, $charset)) . '" alt="" />' . it_html::sanitize($tail);
+		$result .= it_html::sanitize($head) . '<img src="' . it_html::Q(it_html::U(html_entity_decode($src, ENT_COMPAT, $charset))) . '" alt="" />' . it_html::sanitize($tail);
 	}
 	else if ($tag = it::match("(.*)<(br|/tr)\b[^>]*>(.*)", $html))
 	{
-- 
cgit v1.2.3