Commit 349dba8b authored by mmn's avatar mmn

Only allow our specified URI schemes

parent e903bd0b
......@@ -581,6 +581,7 @@ function common_purify($html)
$cfg = HTMLPurifier_Config::createDefault();
$cfg->set('HTML.ForbiddenAttributes', array('style')); // id, on* etc. are already filtered by default
$cfg->set('URI.AllowedSchemes', array_fill_keys(common_url_schemes(), true));
// Remove more elements than what the default filter removes, default in GNU social are remotely
// linked resources such as img, video, audio
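Review bot: The `URI.AllowedSchemes` line (the one the commit title points to) turns the return value of `common_url_schemes()` into the sanitizer's scheme allowlist, but nothing at the call site says so, and that function is defined outside this hunk. If the same list is also used elsewhere for link detection, adding a scheme there would silently widen what purified user HTML may link to. I would add a comment above the line, e.g. `// Security allowlist: HTMLPurifier strips any URI whose scheme is not a key here, so review changes to common_url_schemes() accordingly`. The body of common_purify() continues past the end of the hunk, so the rest of the configuration is not visible here.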