Enhance security for all url inside fields

GSIT-ITSM-ITAM · Nov 18, 2022 · bf9d252 · bf9d252
1 parent 2404cd7
commit bf9d252
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/inc/toolbox.class.php b/inc/toolbox.class.php
@@ -489,7 +489,7 @@ function($element) {
          'comment'          => 1, // 1: remove HTML comments (and do not display their contents)
          'cdata'            => 1, // 1: remove CDATA sections (and do not display their contents)
          'direct_list_nest' => 1, // 1: Allow usage of ul/ol tags nested in other ul/ol tags
-         'schemes'          => '*: aim, app, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, tel, telnet, notes'
+         'safe'             => 1,
       ];
       if (!GLPI_ALLOW_IFRAME_IN_RICH_TEXT) {
          $config['elements'] .= '-iframe';

diff --git a/tests/units/Html.php b/tests/units/Html.php
@@ -175,6 +175,8 @@ public function providerClean() {
          ['From: Test User <[email protected]>', 'From: Test User [email protected]', 'From: Test User [email protected]'],
          // <a href="mailto:[email protected]"> should be preserved
          ['Email me @: <a href="mailto:[email protected]">[email protected]</a>', 'Email me @: [email protected]', 'Email me @: <a href="mailto:[email protected]">[email protected]</a>'],
+         // <a href="http://google.com"> should be preserved
+         ['Website: <a href="http://google.com">http://google.com</a>', 'Website: http://google.com', 'Website: <a href="http://google.com">http://google.com</a>'],
       ];
    }