diff --git a/core/lib/Drupal/Component/Utility/Xss.php b/core/lib/Drupal/Component/Utility/Xss.php index 60c3c08..f6488a9 100644 --- a/core/lib/Drupal/Component/Utility/Xss.php +++ b/core/lib/Drupal/Component/Utility/Xss.php @@ -346,7 +346,7 @@ protected static function filterProtocol($name, $value) { // If the value matches the typical namespace:value pattern used in RDFa, // return it directly. Otherwise, filter it. if (in_array($name, static::$rdfaAttributes)) { - return preg_match('/[a-zA-Z0-9]+\:[a-zA-Z0-9]+$/', $value) ? $value : UrlHelper::stripDangerousProtocols($value); + return preg_match('/^[a-zA-Z0-9]+\:[a-zA-Z0-9]+$/', $value) ? $value : UrlHelper::stripDangerousProtocols($value); } else { return UrlHelper::filterBadProtocol($value);