forked from GNUsocial/gnu-social
Purify oembed html (again)
For a commit or two we didn't do this, because htmLawed failed to filter out CDATA javascript properly, but now we use HTML Purifier which works.
This commit is contained in:
parent
7e6783bb8f
commit
fb7f572eed
@ -198,6 +198,9 @@ class oEmbedHelper
|
||||
}
|
||||
|
||||
$oembed_data = HTTPClient::quickGetJson($api, $params);
|
||||
if (isset($oembed_data->html)) {
|
||||
$oembed_data->html = common_purify($oembed_data->html);
|
||||
}
|
||||
|
||||
return $oembed_data;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user