mirror of
https://github.com/erusev/parsedown.git
synced 2023-08-10 21:13:06 +03:00
safeMode will either apply all sanitisation techniques to an element or none (note that encoding HTML entities is done regardless because it speaks to character context, and that the only attributes/elements we should permit are the ones we actually mean to create)
This commit is contained in:
parent
b1e5aebaf6
commit
bbb7687f31
@ -1421,8 +1421,11 @@ class Parsedown
|
||||
#
|
||||
|
||||
protected function element(array $Element)
|
||||
{
|
||||
if ($this->safeMode)
|
||||
{
|
||||
$Element = $this->sanitiseElement($Element);
|
||||
}
|
||||
|
||||
$markup = '<'.$Element['name'];
|
||||
|
||||
@ -1542,8 +1545,6 @@ class Parsedown
|
||||
}
|
||||
|
||||
protected function filterUnsafeUrlInAttribute(array $Element, $attribute)
|
||||
{
|
||||
if ($this->safeMode)
|
||||
{
|
||||
foreach ($this->safeLinksWhitelist as $scheme)
|
||||
{
|
||||
@ -1562,8 +1563,6 @@ class Parsedown
|
||||
$Element['attributes'][$attribute]
|
||||
);
|
||||
|
||||
}
|
||||
|
||||
return $Element;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user