From 424530d9afbee2b2ba0d9b80679fbd0e4ec2d4e2 Mon Sep 17 00:00:00 2001 From: aguy Date: Fri, 28 Feb 2020 15:14:22 +0000 Subject: Add an exception to method 'whitelist_protocols' for url which started with '#' This is to allow local link for markdown, actually a local link write with this syntax : '[anchor](#local_link)' produce this html code: http://#local_link --- application/http/UrlUtils.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'application') diff --git a/application/http/UrlUtils.php b/application/http/UrlUtils.php index 4bc84b82..e8d1a283 100644 --- a/application/http/UrlUtils.php +++ b/application/http/UrlUtils.php @@ -73,7 +73,7 @@ function add_trailing_slash($url) */ function whitelist_protocols($url, $protocols) { - if (startsWith($url, '?') || startsWith($url, '/')) { + if (startsWith($url, '?') || startsWith($url, '/') || startsWith($url, '#')) { return $url; } $protocols = array_merge(['http', 'https'], $protocols); -- cgit v1.2.3