mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-12-22 08:21:52 +00:00
Allow %URI.DefaultScheme to be null.
Fixes #103. Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
This commit is contained in:
parent
d19d648a26
commit
59463c5c39
4
NEWS
4
NEWS
@ -9,6 +9,10 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
||||
. Internal change
|
||||
==========================
|
||||
|
||||
4.9.0, unknown release date
|
||||
! %URI.DefaultScheme can now be set to null, in which case
|
||||
all relative paths are removed.
|
||||
|
||||
4.8.0, released 2016-07-16
|
||||
# By default, when a link has a target attribute associated
|
||||
with it, we now also add rel="noreferrer" in order to
|
||||
|
@ -423,13 +423,13 @@
|
||||
</directive>
|
||||
<directive id="Cache.SerializerPath">
|
||||
<file name="HTMLPurifier/DefinitionCache/Serializer.php">
|
||||
<line>183</line>
|
||||
<line>185</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="Cache.SerializerPermissions">
|
||||
<file name="HTMLPurifier/DefinitionCache/Serializer.php">
|
||||
<line>200</line>
|
||||
<line>216</line>
|
||||
<line>202</line>
|
||||
<line>218</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="Filter.ExtractStyleBlocks.TidyImpl">
|
||||
|
Binary file not shown.
@ -1,5 +1,5 @@
|
||||
URI.DefaultScheme
|
||||
TYPE: string
|
||||
TYPE: string/null
|
||||
DEFAULT: 'http'
|
||||
--DESCRIPTION--
|
||||
|
||||
@ -7,4 +7,9 @@ DEFAULT: 'http'
|
||||
Defines through what scheme the output will be served, in order to
|
||||
select the proper object validator when no scheme information is present.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Starting with HTML Purifier 4.9.0, the default scheme can be null, in
|
||||
which case we reject all URIs which do not have explicit schemes.
|
||||
</p>
|
||||
--# vim: et sw=4 sts=4
|
||||
|
@ -85,11 +85,13 @@ class HTMLPurifier_URI
|
||||
$def = $config->getDefinition('URI');
|
||||
$scheme_obj = $def->getDefaultScheme($config, $context);
|
||||
if (!$scheme_obj) {
|
||||
if ($def->defaultScheme !== null) {
|
||||
// something funky happened to the default scheme object
|
||||
trigger_error(
|
||||
'Default scheme object "' . $def->defaultScheme . '" was not readable',
|
||||
E_USER_WARNING
|
||||
);
|
||||
} // suppress error if it's null
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
@ -81,6 +81,12 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
|
||||
$this->assertDef('http://example.com/foo/bar');
|
||||
}
|
||||
|
||||
public function testDefaultSchemeNull()
|
||||
{
|
||||
$this->config->set('URI.DefaultScheme', null);
|
||||
$this->assertDef('foo', false);
|
||||
}
|
||||
|
||||
public function testAltSchemeNotRemoved()
|
||||
{
|
||||
$this->assertDef('mailto:this-looks-like-a-path@example.com');
|
||||
|
Loading…
Reference in New Issue
Block a user