From e916dda8a68401c7023ac22ade2594cf73abbffb Mon Sep 17 00:00:00 2001
From: ralf <rb@egroupware.org>
Date: Mon, 12 Sep 2022 12:50:31 +0200
Subject: [PATCH] disallow https-urls too

---
 api/src/Html/HtmLawed.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/Html/HtmLawed.php b/api/src/Html/HtmLawed.php
index 2445d2eaca..33b410a521 100644
--- a/api/src/Html/HtmLawed.php
+++ b/api/src/Html/HtmLawed.php
@@ -177,7 +177,7 @@ class HtmLawed
 		$style = $style2buffer ?? '';
 		// clean out comments and stuff
 		$search = array(
-			'@url\(http:\/\/[^\)].*?\)@si',  // url calls e.g. in style definitions
+			'@url\(https?:\/\/[^\)].*?\)@si',  // url calls e.g. in style definitions
 //			'@<!--[\s\S]*?[ \t\n\r]*-->@',   // Strip multi-line comments including CDATA
 //			'@<!--[\s\S]*?[ \t\n\r]*--@',    // Strip broken multi-line comments including CDATA
 		);