mirror of https://github.com/erusev/parsedown.git synced 2023-08-10 21:13:06 +03:00

Improve safeLinks with whitelist.

naNuke 2015-01-24 22:37:14 +01:00 committed by Aidan Woods
parent 1140613fc7
commit bf5105cb1a


@ -1262,13 +1262,18 @@ class Parsedown
$Element['attributes']['title'] = $Definition['title'];
}
if ( $this->safeLinksEnabled && stripos($Element['attributes']['href'], 'javascript:') === 0 )
if ( $this->safeLinksEnabled && preg_match("/^(\/|https?:\/\/|ftps?:\/\/)/ui", $Element['attributes']['href']) === 0 )
{
return;
}
$Element['attributes']['href'] = htmlspecialchars($Element['attributes']['href']);
$Element['text'] = htmlspecialchars($Element['text']);
$Element['attributes']['href'] = htmlspecialchars($Element['attributes']['href'], ENT_QUOTES);
$Element['text'] = htmlspecialchars($Element['text'], ENT_QUOTES);
if ( $Element['attributes']['title'] !== null )
{
$Element['attributes']['title'] = htmlspecialchars($Element['attributes']['title'], ENT_QUOTES);
}
return array(
'extent' => $extent,
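Review bot: The new safeLinks guard fails open, because with the `u` modifier `preg_match` returns `false` rather than `0` when the href is not valid UTF-8, and `false === 0` is false, so such an href skips the `return` and is still built into a link. Compare against the success value instead, `if ( $this->safeLinksEnabled && preg_match('/^(\/|https?:\/\/|ftps?:\/\/)/i', $Element['attributes']['href']) !== 1 )`; the pattern is pure ASCII, so dropping `u` loses nothing. Separately, the allowlist also rejects relative paths, `#fragment` and `mailto:` hrefs, so that should either be widened or documented as intended next to the option. The enclosing method starts and ends outside this hunk, so how the escaped values are used afterwards is not visible here.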