Introduce whitelist test for link protocols. (#13798)

* Introduce whitelist test for link protocols. * Two more url fixes. * Add whole_url escape filter to do url trustworthiness check. * Use whole_url in conjunction w/ html_attr, since twig will automatically apply html if not done. * Use existing safelink filter. * Regex tweak.
author: diosmosis <diosmosis@users.noreply.github.com> 2018-12-10 22:29:46 +0300
committer: GitHub <noreply@github.com> 2018-12-10 22:29:46 +0300
commit: 43b61590e51980965c8c9731d79e0b1479e8feb6 (patch)
tree: 4fa7af2b7fbf7dd635af1bab02be31f0653d2acc /plugins/Actions
parent: 4d61d27f1a5faa4470a6831fa077733e3b8a208d (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/Actions/templates/_profileSummary.twig b/plugins/Actions/templates/_profileSummary.twig
index e16df663df..3007a937a1 100644
--- a/plugins/Actions/templates/_profileSummary.twig
+++ b/plugins/Actions/templates/_profileSummary.twig
@@ -11,7 +11,7 @@
                             url|trim|lower starts with 'data:' %}
                                 {{ url }}
                             {% else %}
-                                <a href="{{ url }}" rel="noreferrer noopener" target="_blank"
+                                <a href="{{ url|safelink|e('html_attr') }}" rel="noreferrer noopener" target="_blank"
                                    class="action-list-url truncated-text-line">
                                     {{ url|replace({'http://': '', 'https://': ''}) }}
                                 </a>
author	diosmosis <diosmosis@users.noreply.github.com>	2018-12-10 22:29:46 +0300
committer	GitHub <noreply@github.com>	2018-12-10 22:29:46 +0300
commit	43b61590e51980965c8c9731d79e0b1479e8feb6 (patch)
tree	4fa7af2b7fbf7dd635af1bab02be31f0653d2acc /plugins/Actions
parent	4d61d27f1a5faa4470a6831fa077733e3b8a208d (diff)