Filters out URLs no matter what you put into the filter settings.

jamuraa - January 23, 2009 - 18:44

Project:	WYSIWYG Filter
Version:	6.x-1.x-dev
Component:	Code
Category:	bug report
Priority:	normal
Assigned:	Unassigned
Status:	closed

This module filters out urls like background-image: url(http://example.com/image.jpg) no matter what you put in the "allowed URLs" box, because it tosses out anything with a non-standard protocol, and url(http isn't an allowed protocol. Since this module has it's own xss protocol filter, I patched this bug by allowing the protocols 'url(http', 'url("http', 'url(https', and 'url("https'.

Attachment	Size
fix_url_removed_by_xss_bad_protocol.patch	1.14 KB

» Login or register to post comments

#1

markus_petrux - January 23, 2009 - 19:44

Would you mind trying this one?

Function wysiwyg_filter_xss_bad_protocol() is not altered, but the caller is fixed instead.

Attachment	Size
wysiwyg_filter-363284-1.patch	1.59 KB

#2

jamuraa - January 23, 2009 - 20:44

This patch tests fine for me as well, and is the correct way to solve this issue, I should have done it this way.

#3

markus_petrux - January 24, 2009 - 14:28

Status:

needs review

» reviewed & tested by the community

I'll commit this as soon as possible. Thanks

#4

markus_petrux - February 18, 2009 - 16:08

Status:

reviewed & tested by the community

» fixed

Fixed in CVS.

#5

markus_petrux - February 18, 2009 - 16:08

Status:

fixed

» closed

Filters out URLs no matter what you put into the filter settings.

Jump to:

#1

#2

#3

#4

#5

User login

Contributor links