1
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-07-10 17:26:25 +02:00

Make SafeScripting case-sensitive.

Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
This commit is contained in:
Edward Z. Yang
2018-11-11 16:21:34 -05:00
parent 4b6b3b31e8
commit 0f7b138aaf
3 changed files with 8 additions and 2 deletions

View File

@ -29,7 +29,7 @@ class HTMLPurifier_HTMLModule_SafeScripting extends HTMLPurifier_HTMLModule
// While technically not required by the spec, we're forcing
// it to this value.
'type' => 'Enum#text/javascript',
'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed))
'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed), /*case sensitive*/ true)
)
);
$script->attr_transform_pre[] =