diff --git a/library/HTMLPurifier/URIFilter/SecureMunge.php b/library/HTMLPurifier/URIFilter/SecureMunge.php
index fe74ac53..f131ad4e 100644
--- a/library/HTMLPurifier/URIFilter/SecureMunge.php
+++ b/library/HTMLPurifier/URIFilter/SecureMunge.php
@@ -17,6 +17,7 @@ class HTMLPurifier_URIFilter_SecureMunge extends HTMLPurifier_URIFilter
}
public function filter(&$uri, $config, $context) {
if (!$this->target || !$this->secretKey) return true;
+ if ($context->get('EmbeddedURI', true)) return true; // abort for embedded URIs
$scheme_obj = $uri->getSchemeObj($config, $context);
if (!$scheme_obj) return true; // ignore unknown schemes, maybe another postfilter did it
if (is_null($uri->host) || empty($scheme_obj->browsable)) {
diff --git a/tests/HTMLPurifier/URIFilter/SecureMungeTest.php b/tests/HTMLPurifier/URIFilter/SecureMungeTest.php
index dd55dd5e..4a71ce04 100644
--- a/tests/HTMLPurifier/URIFilter/SecureMungeTest.php
+++ b/tests/HTMLPurifier/URIFilter/SecureMungeTest.php
@@ -22,6 +22,12 @@ class HTMLPurifier_URIFilter_SecureMungeTest extends HTMLPurifier_URIFilterHarne
$this->assertFiltering('/local');
}
+ function testPreserveEmbedded() {
+ $embedded = true;
+ $this->context->register('EmbeddedURI', $embedded);
+ $this->assertFiltering('http://google.com');
+ }
+
function testStandardMunge() {
$this->assertFiltering('http://google.com', '/redirect.php?url=http%3A%2F%2Fgoogle.com&checksum=0072e2f817fd2844825def74e54443debecf0892');
}
diff --git a/tests/HTMLPurifierTest.php b/tests/HTMLPurifierTest.php
index 181acaa7..d6c86584 100644
--- a/tests/HTMLPurifierTest.php
+++ b/tests/HTMLPurifierTest.php
@@ -189,8 +189,8 @@ alert("");
$this->config->set('URI', 'SecureMunge', '/redirect.php?url=%s&check=%t');
$this->config->set('URI', 'SecureMungeSecretKey', 'foo');
$this->assertPurification(
- 'foo',
- 'foo'
+ 'foo
',
+ 'foo'
);
}