Merge pull request from GHSA-p94c-8qp5-gfpx

glpi-project · Apr 20, 2022 · ac9f1f0 · ac9f1f0
1 parent 1aa9fcc
commit ac9f1f0
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/Toolbox.php b/src/Toolbox.php
@@ -309,7 +309,7 @@ public static function unclean_cross_side_scripting_deep($value)
     public static function getHtmLawedSafeConfig(): array
     {
         $config = [
-            'elements'         => '* -applet -canvas -embed -form -object -script',
+            'elements'         => '* -applet -canvas -embed -form -object -script -link',
             'deny_attribute'   => 'on*, srcdoc',
             'comment'          => 1, // 1: remove HTML comments (and do not display their contents)
             'cdata'            => 1, // 1: remove CDATA sections (and do not display their contents)