mirror/parsedown
1
0
Fork 0
mirror of https://github.com/erusev/parsedown.git synced 2023-08-10 21:13:06 +03:00
Code Releases Activity

Customizable whitelist of schemas for safeLinks

Browse Source
This commit is contained in:
naNuke 2015-01-25 19:47:32 +01:00 committed by Aidan Woods
parent bf5105cb1a
commit 1d4296f34d
1 changed files with 23 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
Parsedown.php
View File

@ -84,6 +84,14 @@ class Parsedown
protected $safeLinksEnabled = true; protected $safeLinksEnabled = true;
protected $safeLinksWhitelist = array(
'http://',
'https://',
'/',
'ftp://',
'ftps://'
);
# #
# Lines # Lines
# #
@ -1262,10 +1270,23 @@ class Parsedown
$Element['attributes']['title'] = $Definition['title']; $Element['attributes']['title'] = $Definition['title'];
} }
if ( $this->safeLinksEnabled && preg_match("/^(\/|https?:\/\/|ftps?:\/\/)/ui", $Element['attributes']['href']) === 0 ) if ( $this->safeLinksEnabled )
{
$matched = false;
foreach ( $this->safeLinksWhitelist as $scheme )
{
if ( stripos($Element['attributes']['href'], $scheme) === 0 )
{
$matched = true;
break;
}
}
if ( ! $matched )
{ {
return; return;
} }
}
$Element['attributes']['href'] = htmlspecialchars($Element['attributes']['href'], ENT_QUOTES); $Element['attributes']['href'] = htmlspecialchars($Element['attributes']['href'], ENT_QUOTES);
$Element['text'] = htmlspecialchars($Element['text'], ENT_QUOTES); $Element['text'] = htmlspecialchars($Element['text'], ENT_QUOTES);