mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-22 08:21:52 +00:00

Allow %URI.DefaultScheme to be null.

Fixes #103.

Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
Edward Z. Yang 2016-10-27 17:24:34 -07:00
parent d19d648a26
commit 59463c5c39
6 changed files with 26 additions and 9 deletions

4
NEWS

@ -9,6 +9,10 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
. Internal change
==========================
4.9.0, unknown release date
! %URI.DefaultScheme can now be set to null, in which case
all relative paths are removed.
4.8.0, released 2016-07-16
# By default, when a link has a target attribute associated
with it, we now also add rel="noreferrer" in order to


@ -423,13 +423,13 @@
</directive>
<directive id="Cache.SerializerPath">
<file name="HTMLPurifier/DefinitionCache/Serializer.php">
<line>183</line>
<line>185</line>
</file>
</directive>
<directive id="Cache.SerializerPermissions">
<file name="HTMLPurifier/DefinitionCache/Serializer.php">
<line>200</line>
<line>216</line>
<line>202</line>
<line>218</line>
</file>
</directive>
<directive id="Filter.ExtractStyleBlocks.TidyImpl">


@ -1,5 +1,5 @@
URI.DefaultScheme
TYPE: string
TYPE: string/null
DEFAULT: 'http'
--DESCRIPTION--
@ -7,4 +7,9 @@ DEFAULT: 'http'
Defines through what scheme the output will be served, in order to
select the proper object validator when no scheme information is present.
</p>
<p>
Starting with HTML Purifier 4.9.0, the default scheme can be null, in
which case we reject all URIs which do not have explicit schemes.
</p>
--# vim: et sw=4 sts=4


@ -85,11 +85,13 @@ class HTMLPurifier_URI
$def = $config->getDefinition('URI');
$scheme_obj = $def->getDefaultScheme($config, $context);
if (!$scheme_obj) {
if ($def->defaultScheme !== null) {
// something funky happened to the default scheme object
trigger_error(
'Default scheme object "' . $def->defaultScheme . '" was not readable',
E_USER_WARNING
);
} // suppress error if it's null
return false;
}
}
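Review bot: The reason for the new silent path is carried only by the trailing `} // suppress error if it's null` after the inner block's closing brace, where it is easy to miss. A leading comment above `if ($def->defaultScheme !== null) {` would state the contract more clearly, for example `// null %URI.DefaultScheme is deliberate: reject scheme-less URIs quietly, warn only when a configured scheme failed to load`. The enclosing method starts and ends outside the hunk, so its docblock is not visible; it should say that `false` is also returned when the default scheme is null, since callers presumably treat that value as "drop the URI". Whether `getDefaultScheme()` itself stays quiet when the configured scheme is null cannot be seen from these lines and is worth confirming.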


@ -81,6 +81,12 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
$this->assertDef('http://example.com/foo/bar');
}
public function testDefaultSchemeNull()
{
$this->config->set('URI.DefaultScheme', null);
$this->assertDef('foo', false);
}
public function testAltSchemeNotRemoved()
{
$this->assertDef('mailto:this-looks-like-a-path@example.com');
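Review bot: `testDefaultSchemeNull` pins only the bare relative path `foo`, so the other scheme-less forms that a null %URI.DefaultScheme is documented to reject are not covered. Adding `$this->assertDef('/foo/bar', false);`, `$this->assertDef('//example.com/foo', false);` and `$this->assertDef('#frag', false);` would pin the behaviour for absolute paths, network-path references and fragment-only links. The fragment case matters to integrators because in-page anchors would presumably be removed as well. If any of these forms is meant to survive, that exception belongs in the directive's description. `testAltSchemeNotRemoved` continues outside the hunk.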