]>
Commit | Line | Data |
---|---|---|
f45a286b AD |
1 | URI.AllowedSchemes |
2 | TYPE: lookup | |
3 | --DEFAULT-- | |
4 | array ( | |
5 | 'http' => true, | |
6 | 'https' => true, | |
7 | 'mailto' => true, | |
8 | 'ftp' => true, | |
9 | 'nntp' => true, | |
10 | 'news' => true, | |
11 | ) | |
12 | --DESCRIPTION-- | |
13 | Whitelist that defines the schemes that a URI is allowed to have. This | |
14 | prevents XSS attacks from using pseudo-schemes like javascript or mocha. | |
f4f0f80d AD |
15 | There is also support for the <code>data</code> and <code>file</code> |
16 | URI schemes, but they are not enabled by default. | |
f45a286b | 17 | --# vim: et sw=4 sts=4 |