diff --git a/functions.php b/functions.php
index 8ce6de89f..c8ad1c5ea 100644
--- a/functions.php
+++ b/functions.php
@@ -2608,10 +2608,10 @@ function sanitize_rss($str) {
 $res = $str;
- $res = preg_replace('//i',
+/* $res = preg_replace('//i',
 "

Disabled script: ", $res); - $res = preg_replace('/<\/script.*?>/i', "

", $res); + $res = preg_replace('/<\/script.*?>/i', "

", $res); */ /* $res = preg_replace('//i', "", $res); @@ -2619,6 +2619,10 @@ "

(Disabled html object - flash or other embedded content)

", $res); */ + if (get_pref("STRIP_UNSAFE_TAGS")) { + $res = strip_tags($res, "


"); + } + return $res; }
diff --git a/schema/ttrss_schema_mysql.sql b/schema/ttrss_schema_mysql.sql
index 25c2ec95e..3ae452370 100644
--- a/schema/ttrss_schema_mysql.sql
+++ b/schema/ttrss_schema_mysql.sql
@@ -276,6 +276,9 @@ insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) valu
 insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('_INFOBOX_DISABLE_OVERLAY', 1, 'false', '', 1);
+insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('STRIP_UNSAFE_TAGS', 1, 'true', 'Strip unsafe tags from articles', 3,
+'This option strips all, but most common HTML tags when reading articles.');
+
 create table ttrss_user_prefs (
 owner_uid integer not null,
 pref_name varchar(250),
diff --git a/schema/ttrss_schema_pgsql.sql b/schema/ttrss_schema_pgsql.sql
index ed109e5fd..b529a0a65 100644
--- a/schema/ttrss_schema_pgsql.sql
+++ b/schema/ttrss_schema_pgsql.sql
@@ -256,6 +256,9 @@ insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) valu
 insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('_INFOBOX_DISABLE_OVERLAY', 1, 'false', '', 1);
+insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('STRIP_UNSAFE_TAGS', 1, 'true', 'Strip unsafe tags from articles', 3,
+'This option strips all, but most common HTML tags when reading articles.');
+
 create table ttrss_user_prefs (
 owner_uid integer not null references ttrss_users(id) ON DELETE CASCADE,
 pref_name varchar(250) not null references ttrss_prefs(pref_name) ON DELETE CASCADE,
diff --git a/schema/versions/mysql/17.sql b/schema/versions/mysql/17.sql
index 1416be2c1..3ddc5a13e 100644
--- a/schema/versions/mysql/17.sql
+++ b/schema/versions/mysql/17.sql
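Review bot: In `sanitize_rss()` in functions.php, the added `strip_tags($res, ...)` call filters element names only, so every attribute on an allowed tag survives; an event-handler attribute or a script-scheme URL on a permitted element would still reach the reader's browser. The allowlist itself is not legible on this page, but if it admits elements that carry URLs or handlers, attribute filtering needs a separate pass that parses the markup and keeps only allowlisted attributes and URL schemes. The first hunk also comments out the `<script>` replacement, so a user who sets `STRIP_UNSAFE_TAGS` to false appears to get feed HTML back with no filtering at all; script removal should stay unconditional, with the preference governing only the stricter tag allowlist. At minimum I would add above the call: `// strip_tags() keeps attributes on allowed tags; this is not a complete XSS filter`. The function opens above the visible lines of the first hunk, so any filtering done before `$res = $str;` is not shown here.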
@@ -2,4 +2,7 @@ insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) valu
 insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('_INFOBOX_DISABLE_OVERLAY', 1, 'false', '', 1);
+insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('STRIP_UNSAFE_TAGS', 1, 'true', 'Strip unsafe tags from articles', 3,
+'This option strips all, but most common HTML tags when reading articles.');
+
 update ttrss_version set schema_version = 17;
diff --git a/schema/versions/pgsql/17.sql b/schema/versions/pgsql/17.sql
index 1416be2c1..3ddc5a13e 100644
--- a/schema/versions/pgsql/17.sql
+++ b/schema/versions/pgsql/17.sql
@@ -2,4 +2,7 @@ insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) valu
 insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('_INFOBOX_DISABLE_OVERLAY', 1, 'false', '', 1);
+insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('STRIP_UNSAFE_TAGS', 1, 'true', 'Strip unsafe tags from articles', 3,
+'This option strips all, but most common HTML tags when reading articles.');
+
 update ttrss_version set schema_version = 17;
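Review bot: The `STRIP_UNSAFE_TAGS` row is added to the already existing `schema/versions/mysql/17.sql` (the same edit is made to `schema/versions/pgsql/17.sql`) rather than to a new versioned migration, and `schema_version` stays at 17. If any installation has already run the version-17 upgrade it will never receive this preference row, and what `get_pref("STRIP_UNSAFE_TAGS")` returns for a missing preference is not visible here; if it evaluates as false, those installations would render feed HTML unfiltered now that the script replacement in `sanitize_rss()` is commented out. Shipping the insert as a new migration step that bumps `schema_version` would cover databases that are already at 17.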