new option: STRIP_UNSAFE_TAGS

[tt-rss.git] / functions.php

diff --git a/functions.php b/functions.php
index 8ce6de89f5776ca44ae5c667268b28e23b20b225..c8ad1c5ea84989e1d2877552a72904883f4f4e52 100644 (file)
--- a/functions.php
+++ b/functions.php
@@ -2608,10 +2608,10 @@
        function sanitize_rss($str) {
                $res = $str;
 
-               $res = preg_replace('/<script.*?>/i', 
+/*             $res = preg_replace('/<script.*?>/i', 
                        "<p class=\"scriptWarn\">Disabled script: ", $res);
 
-               $res = preg_replace('/<\/script.*?>/i', "</p>", $res);
+               $res = preg_replace('/<\/script.*?>/i', "</p>", $res); */
 
 /*             $res = preg_replace('/<embed.*?>/i', "", $res);
 
@@ -2619,6 +2619,10 @@
                        "<p class=\"objectWarn\">(Disabled html object 
                        - flash or other embedded content)</p>", $res);  */
 
+               if (get_pref("STRIP_UNSAFE_TAGS")) {
+                       $res = strip_tags($res, "<p><a><i><em><b><strong><blockquote><br><img>");
+               }
+
                return $res;
        }