disable scripts in rss entry content

author Andrew Dolgov <fox@bah.spb.su>

Sat, 5 Aug 2006 12:00:01 +0000 (13:00 +0100)

committer Andrew Dolgov <fox@bah.spb.su>

Sat, 5 Aug 2006 12:00:01 +0000 (13:00 +0100)
author Andrew Dolgov <fox@bah.spb.su>
Sat, 5 Aug 2006 12:00:01 +0000 (13:00 +0100)
committer Andrew Dolgov <fox@bah.spb.su>
Sat, 5 Aug 2006 12:00:01 +0000 (13:00 +0100)
diff --git a/functions.php b/functions.php

index 2e65f7a3508f5447d667c86226021416ab9375ef..133a8ccf9092a9039a70ebf80edc8afe6ea39734 100644 (file)
--- a/functions.php
+++ b/functions.php
@@ -530,6 +530,13 @@
  
                                 }
  
+                               # sanitize content
+                               $entry_content = preg_replace('/<script.*?>/i', 
+                                       "<p class=\"scriptWarn\">", $entry_content);
+
+                               $entry_content = preg_replace('/<\/script>/i', 
+                                       "</p>", $entry_content);
+
                                 db_query($link, "BEGIN");
  
                                 if (db_num_rows($result) == 0) {
diff --git a/tt-rss.css b/tt-rss.css

index f69d2444ed5d1070915b61cda3da4fc9d9952952..8d29213ba27efca0d4a496a0997a7171d62c2d99 100644 (file)
--- a/tt-rss.css
+++ b/tt-rss.css
@@ -1145,3 +1145,15 @@ span.debugTS {
  #backReqBox {
         display : none;
  }
+
+.scriptWarn:before {
+       content : "Disabled script:";
+}
+
+.scriptWarn {
+       color : white;
+       background-color : #903030;
+       border : 1px solid #601010;
+       padding : 3px;
+       font-weight : bold;
+}
author	Andrew Dolgov <fox@bah.spb.su>
	Sat, 5 Aug 2006 12:00:01 +0000 (13:00 +0100)
committer	Andrew Dolgov <fox@bah.spb.su>
	Sat, 5 Aug 2006 12:00:01 +0000 (13:00 +0100)
functions.php		patch \| blob \| blame \| history
tt-rss.css		patch \| blob \| blame \| history