1
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-07-10 17:26:25 +02:00

[SafeScripting] disable autoclosing of <script /> tag (#198)

This commit is contained in:
Dimitri Gritsajuk
2018-11-11 21:04:11 +01:00
committed by Edward Z. Yang
parent b74425bee5
commit 5a01e6535d
3 changed files with 11 additions and 3 deletions

View File

@ -23,7 +23,7 @@ class HTMLPurifier_HTMLModule_SafeScripting extends HTMLPurifier_HTMLModule
$script = $this->addElement(
'script',
'Inline',
'Empty',
'Optional:', // Not `Empty` to not allow to autoclose the <script /> tag @see https://www.w3.org/TR/html4/interact/scripts.html
null,
array(
// While technically not required by the spec, we're forcing