From 3a66e521fce0f7dbd1c2152d112718ccb00b4b46 Mon Sep 17 00:00:00 2001
From: Toks
Date: Tue, 21 Apr 2015 15:10:14 -0400
Subject: [PATCH] #1932 disallow css urls
---
 app/logical/d_text.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/app/logical/d_text.rb b/app/logical/d_text.rb
index ff2e31586..6646bd936 100644
--- a/app/logical/d_text.rb
+++ b/app/logical/d_text.rb
@@ -322,7 +322,9 @@ class DText
 "href" => ["http", "https", :relative]
 }
 },
- :css => Sanitize::Config::RELAXED[:css]
+ :css => Sanitize::Config::RELAXED[:css].merge({
+ :protocols => []
+ })
 )
 end
 end
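Review bot: The new `:protocols => []` override in the `:css` entry has no comment and the commit adds no test, so the reason for the empty list can only be recovered from the subject line. I would put `# Empty protocol list: no url(...) value may survive in user-supplied CSS (#1932)` above the `.merge` call. I would also add a spec that passes a `style` attribute containing a `url(...)` value through this sanitizer and asserts the URL is absent from the output, so a later Sanitize upgrade cannot silently undo the restriction. Everything else in `Sanitize::Config::RELAXED[:css]` (the property list and at-rule settings) is still inherited from the gem, so presumably the accepted CSS surface can change with the gem version. Listing the allowed properties locally would make that explicit. The enclosing method starts above this hunk, so the rest of the config was not reviewed.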