From ee305891c43ccf8e76d107a89e1626a373d1ecaa Mon Sep 17 00:00:00 2001
From: hannes <h@nnesmannerhe.im>
Date: Wed, 13 Jan 2016 16:03:38 +0000
Subject: [PATCH] purify oembed html

---
 plugins/Oembed/lib/oembedhelper.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/plugins/Oembed/lib/oembedhelper.php b/plugins/Oembed/lib/oembedhelper.php
index 7abd76109a..b0527b7529 100644
--- a/plugins/Oembed/lib/oembedhelper.php
+++ b/plugins/Oembed/lib/oembedhelper.php
@@ -158,7 +158,15 @@ class oEmbedHelper
         if(isset($key)) {
             $params['key'] = common_config('oembed','apikey');
         }
-        return HTTPClient::quickGetJson($api, $params);
+        
+        $oembed_data = HTTPClient::quickGetJson($api, $params);
+        
+        // purify html
+        if(isset($oembed_data->html)) {
+        	$oembed_data->html = common_purify($oembed_data->html);
+        	}
+        
+        return $oembed_data;
     }
 
     /**
@@ -211,4 +219,4 @@ class oEmbedHelper_DiscoveryException extends oEmbedHelper_Exception
     {
         return parent::__construct('No oEmbed discovery data.', 0, $previous);
     }
-}
+}
\ No newline at end of file