mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-12-22 16:31:53 +00:00
Check if the scheme can be removed from the URI when it s the default
scheme
parent
dc8702160c
commit
3c15a2de08
@ -124,8 +124,10 @@ class HTMLPurifier_URI
|
|||||||
// scheme is in our registry, since a URIFilter may convert a
|
// scheme is in our registry, since a URIFilter may convert a
|
||||||
// URI that we don't allow into one we do. So instead, we just
|
// URI that we don't allow into one we do. So instead, we just
|
||||||
// check if the scheme can be dropped because there is no host
|
// check if the scheme can be dropped because there is no host
|
||||||
// and it is our default scheme.
|
// or the host can be omitted and it is our default scheme.
|
||||||
if (!is_null($this->scheme) && is_null($this->host) || $this->host === '') {
|
if (!is_null($this->scheme) &&
|
||||||
|
(!$this->getSchemeObj($config, $context)->may_omit_host && (is_null($this->host) || $this->host === ''))
|
||||||
|
) {
|
||||||
// support for relative paths is pretty abysmal when the
|
// support for relative paths is pretty abysmal when the
|
||||||
// scheme is present, so axe it when possible
|
// scheme is present, so axe it when possible
|
||||||
$def = $config->getDefinition('URI');
|
$def = $config->getDefinition('URI');
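Review bot: The new condition reads `$this->getSchemeObj($config, $context)->may_omit_host` without checking that an object came back, although the comment directly above says this code deliberately runs before the scheme is known to be in the registry. If getSchemeObj() returns a non-object for an unregistered or disallowed scheme (its body is not in this hunk, so confirm), an untrusted URI with an unknown scheme would raise a property-on-non-object warning and `!null` would silently evaluate to true. Guard the result inside the condition, e.g. `($scheme_obj = $this->getSchemeObj($config, $context)) && !$scheme_obj->may_omit_host`. The reworded comment also says "no host or the host can be omitted", while the code drops the scheme only when the scheme does not allow omitting the host and the host is empty; something like `// check if the scheme can be dropped because it requires a host, none is present, and it is our default scheme.` would match. The enclosing method starts and ends outside the hunk.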
|
||||||
|
@ -225,6 +225,22 @@ class HTMLPurifier_URITest extends HTMLPurifier_URIHarness
|
|||||||
$this->assertValidation('http://google.com');
|
$this->assertValidation('http://google.com');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function test_validate_schemeIsDefaultAndTheOnlyAllowed()
|
||||||
|
{
|
||||||
|
$uri =
|
||||||
|
'data:'.
|
||||||
|
'image/png,'.
|
||||||
|
'iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAABGdBTUEAALGP'.
|
||||||
|
'C/xhBQAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9YGARc5KB0XV+IA'.
|
||||||
|
'AAAddEVYdENvbW1lbnQAQ3JlYXRlZCB3aXRoIFRoZSBHSU1Q72QlbgAAAF1J'.
|
||||||
|
'REFUGNO9zL0NglAAxPEfdLTs4BZM4DIO4C7OwQg2JoQ9LE1exdlYvBBeZ7jq'.
|
||||||
|
'ch9//q1uH4TLzw4d6+ErXMMcXuHWxId3KOETnnXXV6MJpcq2MLaI97CER3N0'.
|
||||||
|
'vr4MkhoXe0rZigAAAABJRU5ErkJggg==';
|
||||||
|
|
||||||
|
$this->config->set('URI.DefaultScheme', 'data');
|
||||||
|
$this->config->set('URI.AllowedSchemes', array('data' => true));
|
||||||
|
$this->assertValidation($uri, $uri);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// vim: et sw=4 sts=4
|
// vim: et sw=4 sts=4
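Review bot: The added test_validate_schemeIsDefaultAndTheOnlyAllowed pins only the branch where the scheme is kept (a `data:` URI, presumably because that scheme may omit its host), so the other outcomes of the new condition in HTMLPurifier_URI are not exercised by this commit. Unless tests outside the hunk already cover it, add a companion case where the default scheme requires a host and the URI has none, asserting the scheme is still dropped, and a case where the URI's scheme is missing from `URI.AllowedSchemes`, asserting that validation completes without a PHP warning. A one-line docblock such as `/** A default scheme that may omit its host (data:) must survive validation unchanged. */` would record why the round-trip matters. The test class begins outside the hunk.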
|
||||||
|