Add protocol whitelist for href/src attributes

- Add strict URL checker for src attributes - Add protocol whitelist for href attributes - Add error styling if URL fails to pass filter - Add doc for new htconfig value - Add emphasis to config key names in htconfig doc
2016-12-03 14:19:57 -05:00 · 2016-12-03 14:19:57 -05:00 · 979fc6d38a
commit 979fc6d38a
parent 47a370c5e3
4 changed files with 88 additions and 71 deletions
--- a/htconfig.php
+++ b/htconfig.php
@ -78,3 +78,6 @@ $a->config['system']['no_regfullname'] = true;

 // Location of the global directory
 $a->config['system']['directory'] = 'http://dir.friendi.ca';
+
+// Allowed protocols in link URLs; HTTP protocols always are accepted
+$a->config['system']['allowed_link_protocols'] = array('ftp', 'ftps', 'mailto', 'cid', 'gopher');