commit 7263c18b719d89fbbc4446cff307c4479407e659
parent 370057097cd79ff5412523f497e7a400e5ca3516
Author: jubjubbird <44984270+jubjubbird@users.noreply.github.com>
Date: Tue, 12 Oct 2021 11:14:35 +0000
Allow clickable phone numbers (tel: URIs) (#697)
Extend the regexp related to "error-xss-filter" to include the tel: URI scheme.
Diffstat:
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/system/extensions/core.php b/system/extensions/core.php
@@ -2288,7 +2288,7 @@ class YellowLookup {
$location = str_replace("/./", "/", $location);
$location = str_replace(":", $this->yellow->toolbox->getLocationArgumentsSeparator(), $location);
} else {
- if ($filterStrict && !preg_match("/^(http|https|ftp|mailto):/", $location)) $location = "error-xss-filter";
+ if ($filterStrict && !preg_match("/^(http|https|ftp|mailto|tel):/", $location)) $location = "error-xss-filter";
}
return $location;
}
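Review bot: The scheme allowlist `/^(http|https|ftp|mailto|tel):/` is written out literally here, again in the next YellowLookup hunk, and twice in the YellowToolbox hunk, so any change to what the XSS filter accepts has to be made in four places and a missed copy would leave the filters disagreeing. Consider one shared definition, for example a toolbox helper (name is only a suggestion) such as `public function isSafeUrlScheme($location) { return preg_match("/^(http|https|ftp|mailto|tel):/", $location)===1; }`, called from all four sites. A short comment on it saying why each scheme is permitted would record the security decision, e.g. `// tel: only hands the number to the dialler; schemes that can run script stay blocked`. The enclosing method starts outside this hunk, so the condition guarding this `else` branch is not visible.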
@@ -2298,7 +2298,7 @@ class YellowLookup {
if (!preg_match("/^\w+:/", $location)) {
$url = "$scheme://$address$base$location";
} else {
- if ($filterStrict && !preg_match("/^(http|https|ftp|mailto):/", $location)) $location = "error-xss-filter";
+ if ($filterStrict && !preg_match("/^(http|https|ftp|mailto|tel):/", $location)) $location = "error-xss-filter";
$url = $location;
}
return $url;
@@ -3429,11 +3429,11 @@ class YellowToolbox {
}
if ($filterStrict) {
$href = isset($elementAttributes["href"]) ? $elementAttributes["href"] : "";
- if (preg_match("/^\w+:/", $href) && !preg_match("/^(http|https|ftp|mailto):/", $href)) {
+ if (preg_match("/^\w+:/", $href) && !preg_match("/^(http|https|ftp|mailto|tel):/", $href)) {
$elementAttributes["href"] = "error-xss-filter";
}
$href = isset($elementAttributes["xlink:href"]) ? $elementAttributes["xlink:href"] : "";
- if (preg_match("/^\w+:/", $href) && !preg_match("/^(http|https|ftp|mailto):/", $href)) {
+ if (preg_match("/^\w+:/", $href) && !preg_match("/^(http|https|ftp|mailto|tel):/", $href)) {
$elementAttributes["xlink:href"] = "error-xss-filter";
}
}
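Review bot: Both checks in this hunk apply the allowlist only when `preg_match("/^\w+:/", $href)` recognises a scheme, so the filter is only as strong as that gate. A value that begins with whitespace or control characters is treated as scheme-less here, while browsers drop such characters before resolving the URL. Unless the attribute values are normalised earlier (not visible in this hunk), test a cleaned copy, e.g. `$hrefTest = preg_replace('/[\x00-\x20]+/', '', $href);`, and run both `preg_match` calls against `$hrefTest`, for `href` and `xlink:href` alike. The surrounding function begins and ends outside the hunk.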