Remember to purify HTML...

2015-12-05 15:56:50 +01:00 · 2015-12-05 15:56:50 +01:00 · 376d545082
commit 376d545082
parent c498db147a
1 changed files with 1 additions and 1 deletions
--- a/classes/Notice.php
+++ b/classes/Notice.php
@ -814,7 +814,7 @@ class Notice extends Managed_DataObject
        // Use the local user's shortening preferences, if applicable.
        $stored->rendered = $actor->isLocal()
                                ? $actor->shortenLinks($act->content)
-                                : $act->content;
+                                : common_purify($act->content);
        $stored->content = common_strip_html($stored->rendered);

        // Maybe a missing act-time should be fatal if the actor is not local?