sanitize: clear out @srcset/@sizes on images leading to http sites when running over https

This commit is contained in:
Andrew Dolgov 2015-12-17 09:59:53 +03:00
parent 6eed9a7463
commit a536f94c8d
1 changed files with 17 additions and 0 deletions

View File

@ -892,6 +892,8 @@
$entries = $xpath->query('(//a[@href]|//img[@src])');
$ttrss_uses_https = parse_url(get_self_url_prefix(), PHP_URL_SCHEME) === 'https';
foreach ($entries as $entry) {
if ($site_url) {
@ -916,6 +918,21 @@
}
if ($entry->nodeName == 'img') {
if ($entry->hasAttribute('src')) {
$is_https_url = parse_url($entry->getAttribute('src'), PHP_URL_SCHEME) === 'https';
if ($ttrss_uses_https && !$is_https_url) {
if ($entry->hasAttribute('srcset')) {
$entry->removeAttribute('srcset');
}
if ($entry->hasAttribute('sizes')) {
$entry->removeAttribute('sizes');
}
}
}
if (($owner && get_pref("STRIP_IMAGES", $owner)) ||
$force_remove_images || $_SESSION["bw_limit"]) {