GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

don't allow cdata elements in purified html

Browse Source
This commit is contained in:
hannes 2016-01-13 16:01:27 +00:00
parent c826fe0af4
commit 3e7e3de554
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/util.php
View File

@ -581,7 +581,8 @@ function common_purify($html)
$config = array('safe' => 1, // means that elements=* means elements=*-applet-embed-iframe-object-script or so $config = array('safe' => 1, // means that elements=* means elements=*-applet-embed-iframe-object-script or so
'elements' => '*', 'elements' => '*',
'deny_attribute' => 'id,style,on*'); 'deny_attribute' => 'id,style,on*',
'cdata' => 1);
// Remove more elements than what the 'safe' filter gives (elements must be '*' before this) // Remove more elements than what the 'safe' filter gives (elements must be '*' before this)
// http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawed_README.htm#s3.6 // http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawed_README.htm#s3.6