
Add missing url encoding to protocol relative URLs

Protocol relative URLs were missed from the changes in #11092 as they
are handled by a different code branch.
markstory committed Nov 15, 2017
1 parent 600e90d commit e1d4bc134c3c063b67d8f910752a3e06f9e54b77
Showing with 4 additions and 1 deletion.
  1. +1 −1 src/View/Helper/UrlHelper.php
  2. +3 −0 tests/TestCase/View/Helper/HtmlHelperTest.php
@@ -159,7 +159,7 @@ public function assetUrl($path, array $options = [])
$path .= $options['ext'];
}
if (preg_match('|^([a-z0-9]+:)?//|', $path)) {
return $path;
return $this->build($path);
}
if (isset($plugin)) {
$path = Inflector::underscore($plugin) . '/' . $path;
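Review bot: Nothing on the new `return $this->build($path);` line says that build() is called here for its output escaping rather than for routing, so a later cleanup could plausibly restore `return $path;` and reopen the attribute-injection case the test guards against. A one-line comment above the return would pin the intent, for example `// Go through build() so absolute and protocol-relative URLs are escaped like other asset paths.` The pattern `|^([a-z0-9]+:)?//|` is also case-sensitive, so a URL with an upper-case scheme presumably skips this branch; it is worth confirming that the code after the hunk escapes that path too. assetUrl() begins before and continues past the visible lines, so the other branches could not be checked from here.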
@@ -358,7 +358,10 @@ public function testImageTag()
$result = $this->Html->image('x:"><script>alert(1)</script>');
$expected = ['img' => ['src' => 'x:&quot;&gt;&lt;script&gt;alert(1)&lt;/script&gt;', 'alt' => '']];
$this->assertHtml($expected, $result);
$result = $this->Html->image('//google.com/"><script>alert(1)</script>');
$expected = ['img' => ['src' => '//google.com/&quot;&gt;&lt;script&gt;alert(1)&lt;/script&gt;', 'alt' => '']];
$this->assertHtml($expected, $result);
}
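Review bot: The added assertion covers only the `//host/...` form, while the branch changed in UrlHelper also matches scheme-qualified URLs through the optional `([a-z0-9]+:)?` group, and the existing `x:"...` case has no `//`, so it does not reach that branch. A further case with an explicit scheme (constructed example: `$this->Html->image('http://example.com/"><script>alert(1)</script>')`, expecting the same entity-encoded `src`) would keep both shapes covered against regression. A URL carrying a query string with `&` would also document whether the escaped output is `&amp;`, which callers that escape the result again would need to know about.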
