Closed jurajmajor closed 5 years ago
Interesting. If you have a moment, could you create some failing tests for these scenarios and put them in a pull request? We could merge them when we have a look at fixing this.
Yes, I'll try to submit it later this week.
I tried the following:
None of these links are filtered, but if I open the output in a browser (tested in Firefox 60 and Chrome 70), Javascript gets executed after click on any link.
Same behaviour can be observed with hexadecimal entities (
sprintf('&#x%x;', $byte)
) or withchr($byte)
instead of entities.Maybe this is an issue of browsers behaving incorrectly, or of the
URI
module, but I guess it's better to let you know.