From 0176ef4bb6f57103fdcb60a802603e60e81ee93e Mon Sep 17 00:00:00 2001
From: Jeff Standen
Date: Thu, 26 Jan 2023 16:06:28 -0800
Subject: [PATCH] fix: Invalid scheme check in Attr.TargetBlank (#363)
---
 library/HTMLPurifier/AttrTransform/TargetBlank.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/library/HTMLPurifier/AttrTransform/TargetBlank.php b/library/HTMLPurifier/AttrTransform/TargetBlank.php
index dd63ea89..cc30ab8c 100644
--- a/library/HTMLPurifier/AttrTransform/TargetBlank.php
+++ b/library/HTMLPurifier/AttrTransform/TargetBlank.php
@@ -33,7 +33,11 @@ class HTMLPurifier_AttrTransform_TargetBlank extends HTMLPurifier_AttrTransform
 // XXX Kind of inefficient
 $url = $this->parser->parse($attr['href']);
- $scheme = $url->getSchemeObj($config, $context);
+
+ // Ignore invalid schemes (e.g. `javascript:`)
+ if (!($scheme = $url->getSchemeObj($config, $context))) {
+ return $attr;
+ }
 if ($scheme->browsable && !$url->isBenign($config, $context)) {
 $attr['target'] = '_blank';
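Review bot: The new guard `if (!($scheme = $url->getSchemeObj($config, $context))) {` assigns inside a negated condition, and the commit touches one file only, so the case it fixes has no regression test. I would keep the original assignment line `$scheme = $url->getSchemeObj($config, $context);` and follow it with `if (!$scheme) {`, which reads the same and avoids the assignment-in-condition pattern. The comment could also say what the early return means for the link: `// No scheme object (e.g. a disallowed scheme such as javascript:): return $attr unchanged; dropping the href itself is left to URI validation` — presumably that is where the href is rejected, which this hunk does not show and should be confirmed. A test that runs this transform on an anchor with a `javascript:` href and asserts that no error is raised and no `target` is added would pin the fix. The body of transform() starts and ends outside the hunk.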