From ad8b235bb8637ce75cccdaa8957cc5826813ed60 Mon Sep 17 00:00:00 2001 From: Marcin Kurczewski Date: Sun, 9 Nov 2014 15:26:48 +0100 Subject: [PATCH] Banned a few characters from usage in tags --- src/Validator.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Validator.php b/src/Validator.php index 71c592bb..8bd7c651 100644 --- a/src/Validator.php +++ b/src/Validator.php @@ -88,10 +88,10 @@ class Validator throw new \DomainException('Tags cannot be empty.'); //<> causes HTML injection and problems with Markdown. - //\/ causes problems with URLs. - //; causes problems with search argument parsing in JS frontend. + //\/?& causes problems with URLs. + //#; causes problems with search argument parsing in JS frontend. //whitespace causes problems with search. - $illegalCharacters = str_split("<>;\\/\r\n\t " . chr(160)); + $illegalCharacters = str_split("<>#;\\/?&\r\n\t " . chr(160)); foreach ($tags as $tag) { if (empty($tag))