aboutsummaryrefslogtreecommitdiffstats
path: root/vendor/ezyang/htmlpurifier/library/HTMLPurifier/AttrTransform/TargetBlank.php
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/ezyang/htmlpurifier/library/HTMLPurifier/AttrTransform/TargetBlank.php')
-rw-r--r--vendor/ezyang/htmlpurifier/library/HTMLPurifier/AttrTransform/TargetBlank.php6
1 files changed, 5 insertions, 1 deletions
diff --git a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/AttrTransform/TargetBlank.php b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/AttrTransform/TargetBlank.php
index dd63ea89c..cc30ab8c3 100644
--- a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/AttrTransform/TargetBlank.php
+++ b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/AttrTransform/TargetBlank.php
@@ -33,7 +33,11 @@ class HTMLPurifier_AttrTransform_TargetBlank extends HTMLPurifier_AttrTransform
// XXX Kind of inefficient
$url = $this->parser->parse($attr['href']);
- $scheme = $url->getSchemeObj($config, $context);
+
+ // Ignore invalid schemes (e.g. `javascript:`)
+ if (!($scheme = $url->getSchemeObj($config, $context))) {
+ return $attr;
+ }
if ($scheme->browsable && !$url->isBenign($config, $context)) {
$attr['target'] = '_blank';
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-27 09:31:31 +0000