sanitize: strip comments and cdata sections

author Andrew Dolgov <fox@madoka.volgo-balt.ru>

Sun, 28 Oct 2012 08:52:15 +0000 (12:52 +0400)

committer Andrew Dolgov <fox@madoka.volgo-balt.ru>

Sun, 28 Oct 2012 08:52:15 +0000 (12:52 +0400)
author Andrew Dolgov <fox@madoka.volgo-balt.ru>
Sun, 28 Oct 2012 08:52:15 +0000 (12:52 +0400)
committer Andrew Dolgov <fox@madoka.volgo-balt.ru>
Sun, 28 Oct 2012 08:52:15 +0000 (12:52 +0400)
diff --git a/include/functions.php b/include/functions.php

index a8f42d6d5165b8b61596bab1a82b1c7b03d0d14f..eeed5650dff743deeb4763f40777601550b7b6f6 100644 (file)
--- a/include/functions.php
+++ b/include/functions.php
@@ -2691,11 +2691,7 @@
  
                 $res = trim($str); if (!$res) return '';
  
-               # we don't support CDATA sections in articles, they break our own escaping
-               $res = preg_replace("/\[\[CDATA/", "", $res);
-               $res = preg_replace("/\]\]\>/", "", $res);
-
-               $config = array('safe' => 1, 'deny_attribute' => 'style');
+               $config = array('safe' => 1, 'deny_attribute' => 'style', 'comment' => 1, 'cdata' => 1);
                 $res = htmLawed($res, $config);
  
                 if (get_pref($link, "STRIP_IMAGES", $owner)) {
author	Andrew Dolgov <fox@madoka.volgo-balt.ru>
	Sun, 28 Oct 2012 08:52:15 +0000 (12:52 +0400)
committer	Andrew Dolgov <fox@madoka.volgo-balt.ru>
	Sun, 28 Oct 2012 08:52:15 +0000 (12:52 +0400)