Allow data uri scheme see #6814

12 years ago · 506d7e060b
parent 90ac4c9b2a
commit 506d7e060b
1 changed files with 12 additions and 0 deletions
--- a/main/inc/lib/security.lib.php
+++ b/main/inc/lib/security.lib.php
@ -346,6 +346,18 @@ class Security
            $config->set('CSS.AllowImportant', true);
            $config->set('CSS.AllowTricky', true); // We need for the flv player the css definition display: none;
            $config->set('CSS.Proprietary', true);
+
+            // Allow uri scheme.
+            $config->set('URI.AllowedSchemes', array(
+                'http' => true,
+                'https' => true,
+                'mailto' => true,
+                'ftp' => true,
+                'nntp' => true,
+                'news' => true,
+                'data' => true,
+            ));
+
            $purifier[$user_status] = new HTMLPurifier($config);
        }