X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=application%2Fhttp%2FUrlUtils.php;h=e8d1a283fca632ecce9af242f8676c7f824015a4;hb=30255b794ab3ddfaf2e813d173b445800102d748;hp=4bc84b823d7ce8d3d44dec028facb6ab28610aed;hpb=ff3b5dc5542ec150f0d9b447394364a15e9156d0;p=github%2Fshaarli%2FShaarli.git

diff --git a/application/http/UrlUtils.php b/application/http/UrlUtils.php
index 4bc84b82..e8d1a283 100644
--- a/application/http/UrlUtils.php
+++ b/application/http/UrlUtils.php
@@ -73,7 +73,7 @@ function add_trailing_slash($url)
  */
 function whitelist_protocols($url, $protocols)
 {
-    if (startsWith($url, '?') || startsWith($url, '/')) {
+    if (startsWith($url, '?') || startsWith($url, '/') || startsWith($url, '#')) {
         return $url;
     }
     $protocols = array_merge(['http', 'https'], $protocols);