From ac9f1f03c5d2545b7e290197dbfebc3f752f810e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Anne?= <cedric.anne@gmail.com>
Date: Wed, 20 Apr 2022 09:40:28 +0200
Subject: [PATCH] Merge pull request from GHSA-p94c-8qp5-gfpx

---
 src/Toolbox.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Toolbox.php b/src/Toolbox.php
index 9e6b949e6dd..553205a3656 100644
--- a/src/Toolbox.php
+++ b/src/Toolbox.php
@@ -309,7 +309,7 @@ public static function unclean_cross_side_scripting_deep($value)
     public static function getHtmLawedSafeConfig(): array
     {
         $config = [
-            'elements'         => '* -applet -canvas -embed -form -object -script',
+            'elements'         => '* -applet -canvas -embed -form -object -script -link',
             'deny_attribute'   => 'on*, srcdoc',
             'comment'          => 1, // 1: remove HTML comments (and do not display their contents)
             'cdata'            => 1, // 1: remove CDATA sections (and do not display their contents)