From daba3f287190ab58bde1db5eaaa09da42c8d5c57 Mon Sep 17 00:00:00 2001 From: aguy tech Date: Sun, 1 Mar 2020 12:45:27 +0100 Subject: Add an exception to method 'whitelist_protocols' for url started with '#' Allows local link for markdown. Actually a local link write with '[text](#local_link)' in MD syntax produce 'http://#local_link' in place of '#local_link' --- application/http/UrlUtils.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'application/http') diff --git a/application/http/UrlUtils.php b/application/http/UrlUtils.php index 4bc84b82..e8d1a283 100644 --- a/application/http/UrlUtils.php +++ b/application/http/UrlUtils.php @@ -73,7 +73,7 @@ function add_trailing_slash($url) */ function whitelist_protocols($url, $protocols) { - if (startsWith($url, '?') || startsWith($url, '/')) { + if (startsWith($url, '?') || startsWith($url, '/') || startsWith($url, '#')) { return $url; } $protocols = array_merge(['http', 'https'], $protocols); -- cgit v1.2.3