use common_purify to purify HTML, one function to rule them all

Mikael Nordfeldth
2015-02-18 00:14:28 +01:00
parent 3dce6d9f6a
commit 0deaf6c50c
4 changed files with 6 additions and 51 deletions


@@ -117,10 +117,10 @@ class Blog_entry extends Managed_DataObject
$be->id = (string) new UUID();
$be->profile_id = $profile->id;
$be->title = $title; // Note: not HTML-protected
$be->content = self::purify($content);
$be->content = common_purify($content);
if (array_key_exists('summary', $options)) {
$be->summary = self::purify($options['summary']);
$be->summary = common_purify($options['summary']);
} else {
// Already purified
$be->summary = self::summarize($be->content);
@@ -241,18 +241,4 @@ class Blog_entry extends Managed_DataObject
return $obj;
}
/**
* Clean up input HTML
*/
static function purify($html)
{
require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
$config = array('safe' => 1,
'deny_attribute' => 'id,style,on*');
$pure = htmLawed($html, $config);
return $pure;
}
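Review bot: The two `common_purify()` calls in the first hunk (for `content` and `$options['summary']`) now carry all sanitisation of stored blog HTML, but `common_purify` is defined outside this section, so it cannot be confirmed here that it is at least as strict as the removed `Blog_entry::purify()` (`'safe' => 1` with `'deny_attribute' => 'id,style,on*'`). If the shared helper permits `id` or `style` attributes, markup that used to be stripped would now be stored and rendered, so its htmLawed configuration should be compared with the removed one, ideally with a test that passes an element carrying `style` and `on*` attributes through it. Because `$be->title` is still stored unfiltered, a comment such as `// title is stored raw; must be escaped on output` would make the contrast with the purified fields explicit. Removing the static `purify()` also breaks any caller outside the four files of this commit; a search for `Blog_entry::purify` would confirm none remain. The enclosing function of the first hunk starts above the visible lines.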
}