Skip to content

Commit

Permalink
Forbid javascript scheme
Browse files Browse the repository at this point in the history
  • Loading branch information
@trasher
trasher committed Jun 20, 2019
1 parent b4ed40a commit 081338b
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions inc/html.class.php
View file
Expand Up @@ -91,6 +91,7 @@ static function clean($value, $striptags = true, $keep_bad = 2) {
'comment' => 1, // 1: remove
'cdata' => 1, // 1: remove
'direct_list_nest' => 1, // 1: Allow usage of ul/ol tags nested in other ul/ol tags
'schemes' => 'aim, app, feed, file, ftp, gopher, http, https, !javascript, irc, mailto, news, nntp, sftp, ssh, tel, telnet'
]
);

Expand Down

0 comments on commit 081338b

Please sign in to comment.