path: root/inc/parser/xhtmlsummary.php
author: Andreas Gohr <andi@splitbrain.org> 2011-06-14 19:50:29 +0200
committer: Andreas Gohr <andi@splitbrain.org> 2011-06-14 20:44:58 +0200
commit: b52b15965611fc865058c0331b55e4e9bccabd2e
tree: 6227bcc2789616f316b1de650997f6e217e2a593 /inc/parser/xhtmlsummary.php
parent: 5f27cb0eab98fa6b4856278436d6aacadc4a1acb
only allow configured URL schemes in external links
This fixes a problem where JavaScript could be introduced through specially crafted RSS feeds on a lower level than the commit from yesterday (1ca2719c7488662ebd7964c0d026e0890f923ee9). This also fixes a problem where JavaScript links could be introduced by specifying it as an RSS URL: the resulting error message displays a link to the broken feed URL. This patch makes sure there's no working link for unknown protocols.
Diffstat (limited to 'inc/parser/xhtmlsummary.php')
0 files changed, 0 insertions, 0 deletions
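
The rule the commit message describes (render a working link only for configured URL schemes), sketched as an added example that is not the project's code or part of this commit. The names `ALLOWED_SCHEMES`, `url_scheme` and `render_external_link`, the allowlist contents and the sample URLs are all assumptions made for illustration.

```php
<?php
// Added example; all names here are hypothetical, not the project's API.

// Constructed allowlist; a real deployment would load it from configuration.
const ALLOWED_SCHEMES = ['http', 'https', 'ftp', 'mailto'];

/** Return the lowercase scheme of $url, or null when it has none. */
function url_scheme(string $url): ?string
{
    // Browsers drop tab/CR/LF inside a URL and skip leading whitespace and
    // control characters, so normalise the same way before matching.
    $clean = preg_replace('/[\t\r\n]/', '', $url) ?? '';
    $clean = ltrim($clean, "\x00..\x20");
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $clean, $m)) {
        return strtolower($m[1]);
    }
    return null;
}

/** Render an external link, or plain escaped text for unknown protocols. */
function render_external_link(string $url, string $label): string
{
    $text   = htmlspecialchars($label, ENT_QUOTES, 'UTF-8');
    $scheme = url_scheme($url);
    if ($scheme === null || !in_array($scheme, ALLOWED_SCHEMES, true)) {
        // Unknown or missing scheme: show the label, emit no href at all.
        return $text;
    }
    $href = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $href . '" rel="nofollow">' . $text . '</a>';
}

// Constructed inputs, standing in for link fields taken from an RSS item
// or for a feed URL echoed back in an error message.
$samples = [
    'https://example.org/feed.xml',
    'javascript:alert(1)',
    "  JaVa\tScRiPt:alert(1)",
    'data:text/html,<b>x</b>',
    '//example.org/no-scheme',
];
foreach ($samples as $u) {
    echo render_external_link($u, $u), "\n";
}
```

Only the first sample produces an `<a>` element; the rest come out as escaped text, which is the "no working link" behaviour for both the feed content and the error-message path.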