mirror/php-htmlpurifier
1
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-07-31 19:30:21 +02:00
Code Issues Releases Wiki Activity

Make URI parsing algorithm more strict.

Browse Source 
Thanks Michael Gusev <mgusev@sugarcrm.com> for contributing this patch.

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
This commit is contained in:
Edward Z. Yang
2013-04-16 13:46:00 -07:00
parent 20eff0a3a0
commit 6e37ecd1c8
3 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
library/HTMLPurifier/URIParser.php
View File

@@ -30,7 +30,7 @@ class HTMLPurifier_URIParser
// Note that ["<>] are an addition to the RFC's recommended
// characters, because they represent external delimeters.
$r_URI = '!'.
'(([^:/?#"<>]+):)?'. // 2. Scheme
'(([a-zA-Z0-9\.\+\-]+):)?'. // 2. Scheme
'(//([^/?#"<>]*))?'. // 4. Authority
'([^?#"<>]*)'. // 5. Path
'(\?([^#"<>]*))?'. // 7. Query