valvin
/
ttrss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

properly sanitize video poster attribute

This commit is contained in:
Andrew Dolgov 2021-09-24 08:40:06 +03:00
parent 8ed927dbd2
commit 949e2ab4d2
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
classes/sanitizer.php
View File

@ -68,7 +68,7 @@ class Sanitizer {
// $rewrite_base_url = $site_url ? $site_url : Config::get_self_url(); // $rewrite_base_url = $site_url ? $site_url : Config::get_self_url();
$rewrite_base_url = $site_url ? $site_url : "http://domain.invalid/"; $rewrite_base_url = $site_url ? $site_url : "http://domain.invalid/";
$entries = $xpath->query('(//a[@href]|//img[@src]|//source[@srcset|@src])'); $entries = $xpath->query('(//a[@href]|//img[@src]|//source[@srcset|@src]|//video[@poster])');
foreach ($entries as $entry) { foreach ($entries as $entry) {
@ -100,6 +100,11 @@ class Sanitizer {
$entry->setAttribute("srcset", RSSUtils::encode_srcset($matches)); $entry->setAttribute("srcset", RSSUtils::encode_srcset($matches));
} }
if ($entry->hasAttribute('poster')) {
$entry->setAttribute('poster',
UrlHelper::rewrite_relative($rewrite_base_url, $entry->getAttribute('poster'), $entry->tagName, "poster"));
}
if ($entry->hasAttribute('src') && if ($entry->hasAttribute('src') &&
($owner && get_pref(Prefs::STRIP_IMAGES, $owner)) || $force_remove_images || ($_SESSION["bw_limit"] ?? false)) { ($owner && get_pref(Prefs::STRIP_IMAGES, $owner)) || $force_remove_images || ($_SESSION["bw_limit"] ?? false)) {