sanitize: clear out @srcset/@sizes on images leading to http sites when running over...

diff --git a/include/functions2.php b/include/functions2.php
index 0386b52ed30443ac95f4278dffd51fb9756632c5..1a0cb6d22a9c6d66ef917ae5f29e3572d34db308 100755 (executable)
--- a/include/functions2.php
+++ b/include/functions2.php
@@ -892,6 +892,8 @@
 
                $entries = $xpath->query('(//a[@href]|//img[@src])');
 
+               $ttrss_uses_https = parse_url(get_self_url_prefix(), PHP_URL_SCHEME) === 'https';
+
                foreach ($entries as $entry) {
 
                        if ($site_url) {
@@ -916,6 +918,21 @@
                                }
 
                                if ($entry->nodeName == 'img') {
+                                       if ($entry->hasAttribute('src')) {
+                                               $is_https_url = parse_url($entry->getAttribute('src'), PHP_URL_SCHEME) === 'https';
+
+                                               if ($ttrss_uses_https && !$is_https_url) {
+
+                                                       if ($entry->hasAttribute('srcset')) {
+                                                               $entry->removeAttribute('srcset');
+                                                       }
+
+                                                       if ($entry->hasAttribute('sizes')) {
+                                                               $entry->removeAttribute('sizes');
+                                                       }
+                                               }
+                                       }
+
                                        if (($owner && get_pref("STRIP_IMAGES", $owner)) ||
                                                        $force_remove_images || $_SESSION["bw_limit"]) {