Mirror/parsedown
1
0
Fork 0
mirror of https://github.com/erusev/parsedown.git synced 2024-09-20 12:01:29 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

Improve safeLinks with whitelist.

Browse Source
This commit is contained in:
naNuke 2015-01-24 22:37:14 +01:00
parent 1a9d33ba51
commit 0670c0f2be
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Parsedown.php
View File

@ -1244,13 +1244,18 @@ class Parsedown
$Element['attributes']['title'] = $Definition['title'];
}
if ( $this->safeLinksEnabled && stripos($Element['attributes']['href'], 'javascript:') === 0 )
if ( $this->safeLinksEnabled && preg_match("/^(\/|https?:\/\/|ftps?:\/\/)/ui", $Element['attributes']['href']) === 0 )
{
return;
}
$Element['attributes']['href'] = htmlspecialchars($Element['attributes']['href']);
$Element['text'] = htmlspecialchars($Element['text']);
$Element['attributes']['href'] = htmlspecialchars($Element['attributes']['href'], ENT_QUOTES);
$Element['text'] = htmlspecialchars($Element['text'], ENT_QUOTES);
if ( $Element['attributes']['title'] !== null )
{
$Element['attributes']['title'] = htmlspecialchars($Element['attributes']['title'], ENT_QUOTES);
}
return array(
'extent' => $extent,