Do not allow javascript: links in transformation
Signed-off-by: Michal Čihař <michal@cihar.com>
nijel committed Jun 22, 2016
1 parent 519e634 commit 615212a
Showing 2 changed files with 15 additions and 7 deletions.
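--- a/[file path not shown on page]
+++ b/[file path not shown on page]
@@ -46,9 +46,14 @@ public static function getInfo()
 */
 public function applyTransformation($buffer, $options = array(), $meta = '')
 {
-return '<a href="' . htmlspecialchars(isset($options[0]) ? $options[0] : '')
-. htmlspecialchars($buffer) . '" target="_blank"><img src="'
-. htmlspecialchars(isset($options[0]) ? $options[0] : '') . htmlspecialchars($buffer)
+$url = (isset($options[0]) ? $options[0] : '') . $buffer;
+$parsed = parse_url($url);
+/* Do not allow javascript links */
+if (isset($parsed['scheme']) && $parsed['scheme'] == 'javascript') {
+return htmlspecialchars($url);
+}
+return '<a href="' . htmlspecialchars($url)
+. '" target="_blank"><img src="' . htmlspecialchars($url)
 . '" border="0" width="' . (isset($options[1]) ? $options[1] : 100)
 . '" height="' . (isset($options[2]) ? $options[2] : 50) . '" />'
 . htmlspecialchars($buffer) . '</a>';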
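Review bot: The scheme comparison on the new `if` line is case-sensitive while parse_url() preserves the scheme's original casing, so only the exact lowercase spelling is rejected and the same scheme written with different casing still reaches the href and img src attributes. Comparing a lowercased scheme against an allowlist of the schemes this plugin is meant to emit is the more robust guard, e.g. `if (isset($parsed['scheme']) && ! in_array(strtolower($parsed['scheme']), array('http', 'https', 'ftp', 'mailto'), true)) {` with the allowlist adjusted to what the plugin actually supports. The identical check in the second file's hunk needs the same change. Separately, the width and height values from `$options[1]`/`$options[2]` on the unchanged lines are still concatenated into the attributes without htmlspecialchars(); that predates this commit but sits in the same markup the change is hardening. The remainder of applyTransformation(), including its closing brace, lies outside the hunk.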
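--- a/[file path not shown on page]
+++ b/[file path not shown on page]
@@ -46,11 +46,14 @@ public static function getInfo()
 */
 public function applyTransformation($buffer, $options = array(), $meta = '')
 {
-$append_part = (isset($options[2]) && $options[2]) ? '' : $buffer;
-
+$url = (isset($options[0]) ? $options[0] : '') . ((isset($options[2]) && $options[2]) ? '' : $buffer);
+$parsed = parse_url($url);
+/* Do not allow javascript links */
+if (isset($parsed['scheme']) && $parsed['scheme'] == 'javascript') {
+return htmlspecialchars($url);
+}
 return '<a href="'
-. htmlspecialchars(isset($options[0]) ? $options[0] : '')
-. htmlspecialchars($append_part)
+. htmlspecialchars($url)
 . '" title="'
 . htmlspecialchars(isset($options[1]) ? $options[1] : '')
 . '" target="_new">'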
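Review bot: The new `$url` line folds the condition that the removed `$append_part` variable used to name into a nested ternary inside the concatenation, which pushes the line well past 120 columns and makes the "omit the buffer when `$options[2]` is set" rule harder to read than the named intermediate was. Keeping the intermediate, `$append_part = (isset($options[2]) && $options[2]) ? '' : $buffer;` followed by `$url = (isset($options[0]) ? $options[0] : '') . $append_part;`, preserves the behaviour and the readability. The scheme comparison on the `if` line shares the case-sensitivity issue raised on the first file's hunk. applyTransformation() continues past the end of this hunk.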
