mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-11-14 01:08:41 +00:00
e76f4b45d0
Basically, browsers don't parse what should be valid URIs correctly, so we have to go through some backbends to accomodate them. Specifically, for browseable URIs, the following URIs have unintended behavior: - ///example.com - http:/example.com - http:///example.com Furthermore, if the path begins with //, modifying these URLs must be done with care, as if you remove the host-name component, the parse tree changes. I've modified the engine to follow correct URI semantics as much as possible while outputting browser compatible code, and invalidate the URI in cases where we can't deal. There has been a refactoring of URIScheme so that this important check is always performed, introducing a new member variable allow_empty_host which is true on data, file, mailto and news schemes. This also fixes bypass bugs on URI.Munge. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
20 lines
403 B
PHP
20 lines
403 B
PHP
<?php
|
|
|
|
/**
|
|
* Validates nntp (Network News Transfer Protocol) as defined by generic RFC 1738
|
|
*/
|
|
class HTMLPurifier_URIScheme_nntp extends HTMLPurifier_URIScheme {
|
|
|
|
public $default_port = 119;
|
|
public $browsable = false;
|
|
|
|
public function doValidate(&$uri, $config, $context) {
|
|
$uri->userinfo = null;
|
|
$uri->query = null;
|
|
return true;
|
|
}
|
|
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|