a href="file://" being filtered out [#889074]

Typically, HTML purifier allows all forms of the a attribute, but for some reason it filters out the "file://" protocol, leaving only the surrounding the text. I believe the problem can be fixed by adding it into the one of the "Allowed sections" of the configuration page, though there is no "allowed protocol."

Comments

Comment #1

Ender2 commented 20 August 2010 at 16:14

Title:

a href="file://"

» a href="file://" being filtered out

Comment #2

attheshow commented 20 August 2010 at 16:20

subscribing

Comment #3

ezyang commented 20 August 2010 at 16:31

Status:

Active

» Postponed (maintainer needs more info)

Why do you need file:// links? They were consciously left out as a security risk.

Comment #4

Ender2 commented 20 August 2010 at 16:44

One of our college departments uses it to map to a video file on a consistently named and mapped network drive. The page that contains the link will likely require authentication.

Comment #5

ezyang commented 9 September 2010 at 04:01

Status:

Postponed (maintainer needs more info)

» Fixed

Fixed in upstream Git, pending new release.

http://repo.or.cz/w/htmlpurifier.git/commit/ec86598446cdf193f866cc018518...

Comment #6

23 September 2010 at 04:10

Status:

Fixed

» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

a href="file://" being filtered out

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

Comment #6

News items

Our community

Documentation

Drupal code base

Governance of community