author | diosmosis <diosmosis@users.noreply.github.com> | 2018-12-10 22:29:46 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-12-10 22:29:46 +0300 |
commit | 43b61590e51980965c8c9731d79e0b1479e8feb6 (patch) | |
tree | 4fa7af2b7fbf7dd635af1bab02be31f0653d2acc /plugins/Events | |
parent | 4d61d27f1a5faa4470a6831fa077733e3b8a208d (diff) |
Introduce whitelist test for link protocols. (#13798)
* Introduce whitelist test for link protocols.
* Two more url fixes.
* Add whole_url escape filter to do url trustworthiness check.
* Use whole_url in conjunction w/ html_attr, since twig will automatically apply html if not done.
* Use existing safelink filter.
* Regex tweak.
Diffstat (limited to 'plugins/Events')
-rw-r--r-- | plugins/Events/templates/_actionEvent.twig | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/Events/templates/_actionEvent.twig b/plugins/Events/templates/_actionEvent.twig index d360a0410c..9b2588aa2c 100644 --- a/plugins/Events/templates/_actionEvent.twig +++ b/plugins/Events/templates/_actionEvent.twig @@ -15,7 +15,7 @@ action.url|trim|lower starts with 'data:' %} {{ action.url }} {% else %} - <a href="{{ action.url }}" rel="noreferrer noopener" target="_blank" class="truncated-text-line"> + <a href="{{ action.url|safelink|e('html_attr') }}" rel="noreferrer noopener" target="_blank" class="truncated-text-line"> {{ action.url|replace({'http://': '', 'https://': ''}) }} </a> {% endif %} |
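Review bot: In the `{% else %}` branch the anchor is still emitted whenever the preceding prefix check (`action.url|trim|lower starts with 'data:'`, plus whatever precedes it in that condition) does not match, so a URL that `safelink` rejects would still render as a clickable `<a>` whose visible text is the original `action.url`. The hunk does not show what `safelink` returns for a rejected protocol; if it is an empty or placeholder value, consider branching on the filter's result so that rejected URLs fall through to the plain-text `{{ action.url }}` rendering, and fold the separate `data:` prefix check into that single whitelist decision so the two cannot drift apart. A short template comment on why `e('html_attr')` is applied explicitly after `safelink` would also help the next reader.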