2009/4/1 A.L.E.C alec@alec.pl:
Is there any (security?) reason to not allow links with any protocol in href attribute (washtml.php)?
This question should be asked to the original author of washtml. In general I'd be conservative when it comes to html cleaning. We may expand the list of allowed protocols but on the basis of a white list.
Protocols like file:// or others that invoke external apps are IMO dangerous and should not be linked directly.
Just my 2 cents...
~Thomas _______________________________________________ List info: http://lists.roundcube.net/dev/