|
Ultima modificación |
Ver Log
|
| Rev |
Autor |
Línea Nro. |
Línea |
| 1 |
efrain |
1 |
URI.AllowedSchemes
|
|
|
2 |
TYPE: lookup
|
|
|
3 |
--DEFAULT--
|
|
|
4 |
array (
|
|
|
5 |
'http' => true,
|
|
|
6 |
'https' => true,
|
|
|
7 |
'mailto' => true,
|
|
|
8 |
'ftp' => true,
|
|
|
9 |
'nntp' => true,
|
|
|
10 |
'news' => true,
|
|
|
11 |
'tel' => true,
|
|
|
12 |
)
|
|
|
13 |
--DESCRIPTION--
|
|
|
14 |
Whitelist that defines the schemes that a URI is allowed to have. This
|
|
|
15 |
prevents XSS attacks from using pseudo-schemes like javascript or mocha.
|
|
|
16 |
There is also support for the <code>data</code> and <code>file</code>
|
|
|
17 |
URI schemes, but they are not enabled by default.
|
|
|
18 |
--# vim: et sw=4 sts=4
|