Hard-coded protocol list in kses class
Status: Inactive
Brought to you by:
metaur
(Not sure if this is the right place to submit issues
with the kses class but here goes ...)
The kses class has a hard-coded list of allowed
protocols built in:
var $allowed_protocols = array('http', 'https', 'ftp',
'news', 'nntp', 'telnet', 'gopher', 'mailto');
The problem is that there is no way to remove a
protocol from that list. The Protocols() method will
only add to it.
Ideally (IMHO, at least) using Protocols() should
overwrite the above list, so that after calling e.g.
kses->Protocols(array ('http', 'https', 'ftp'));
only those three protocols are allowed, while e.g.
'gopher' would be removed.
Logged In: YES
user_id=573278
That sounds very reasonable. I'll talk to Richard (OOP kses
coder) about it.
Logged In: YES
user_id=573278
Fixed in 0.2.2. Thanks for your bug report!