Forbid javascript: URLs for url data type
zerocrates committed Feb 10, 2021
1 parent ca4052c commit 442e395
Showing 1 changed file with 8 additions and 5 deletions.
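--- a/application/src/DataType/Uri.php
+++ b/application/src/DataType/Uri.php
@@ -25,13 +25,16 @@ public function form(PhpRenderer $view)
 
 public function isValid(array $valueObject)
 {
-if (isset($valueObject['@id'])
-&& is_string($valueObject['@id'])
-&& '' !== trim($valueObject['@id'])
+if (!isset($valueObject['@id'])
+|| !is_string($valueObject['@id'])
 ) {
-return true;
+return false;
 }
-return false;
+
+$trimmed = trim($valueObject['@id']);
+$scheme = parse_url($trimmed, \PHP_URL_SCHEME);
+
+return !('' === $trimmed || $scheme === 'javascript');
 }
 
 public function hydrate(array $valueObject, Value $value, AbstractEntityAdapter $adapter)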
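Review bot: The scheme comparison in `isValid()` is case-sensitive, so `$scheme === 'javascript'` rejects only the all-lowercase spelling, while `parse_url()` returns the scheme as written and browsers match schemes case-insensitively. Normalising before the comparison closes that gap: `$scheme = strtolower((string) parse_url($trimmed, \PHP_URL_SCHEME));`. `parse_url()` also yields `null` or `false` when it finds no scheme or cannot parse the string, and those results currently pass validation, so it is worth confirming that no such input is still treated as a script URL by a browser. Because this is a denylist of a single scheme, other script-capable schemes such as `data:` and `vbscript:` remain accepted; an allowlist of the schemes the url data type is meant to carry, with a comment naming the rendering context it protects, would be easier to reason about.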
