sanitize: strip comments and cdata sections

Andrew Dolgov 2012-10-28 12:52:15 +04:00
parent c7fe1b4e9e
commit bed064442a
1 changed files with 1 additions and 5 deletions


@ -2691,11 +2691,7 @@
$res = trim($str); if (!$res) return '';
# we don't support CDATA sections in articles, they break our own escaping
$res = preg_replace("/\[\[CDATA/", "", $res);
$res = preg_replace("/\]\]\>/", "", $res);
$config = array('safe' => 1, 'deny_attribute' => 'style');
$config = array('safe' => 1, 'deny_attribute' => 'style', 'comment' => 1, 'cdata' => 1);
$res = htmLawed($res, $config);
if (get_pref($link, "STRIP_IMAGES", $owner)) {
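Review bot: The new `$config` line encodes its sanitizing policy in bare values (`'comment' => 1, 'cdata' => 1`), and the comment that explained why CDATA is unsupported was deleted together with the regex lines, so the reason for the setting is no longer visible at the call. As I read htmLawed's documentation, 1 means "remove" for both options; a one-line comment above the array would record that, e.g. `# htmLawed: comment=1 and cdata=1 drop these sections entirely; CDATA sections break our own escaping`. Since this call is now the only filter for these constructs, a regression check that input wrapped in `<!-- -->` or `<![CDATA[ ]]>` leaves this function with the wrapped content removed would guard against a later config edit silently re-allowing it. The enclosing function starts and ends outside the hunk.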