From: Andrew Dolgov Date: Thu, 21 Sep 2006 03:55:02 +0000 (+0100) Subject: disable html objects in article content, breaks layout X-Git-Tag: 1.2.4~108 X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=a262b161f99cdc5cadb6571941c324f53bb3543e;p=tt-rss.git disable html objects in article content, breaks layout --- diff --git a/backend.php b/backend.php index e4329a26..ebbf33a6 100644 --- a/backend.php +++ b/backend.php @@ -650,6 +650,8 @@ $line["content"] = preg_replace("/href=/i", "target=\"_new\" href=", $line["content"]); } + $line["content"] = sanitize_rss($line["content"]); + print $line["content"] . ""; print ""; @@ -1335,13 +1337,13 @@ print ""; - $auth_login = db_fetch_result($result, 0, "auth_login"); + $auth_login = escape_for_form(db_fetch_result($result, 0, "auth_login")); print "Login:"; print ""; - $auth_pass = db_fetch_result($result, 0, "auth_pass"); + $auth_pass = escape_for_form(db_fetch_result($result, 0, "auth_pass")); print "Password:"; print "/i', "

", $res); + $res = preg_replace('/.*?<\/object>/i', + "

(Disabled html object + - flash or other embedded content)

", $str); + + $res = preg_replace('/<\/object>/i', + "

", $res); + return $res; } @@ -2637,4 +2644,8 @@ } } + function escape_for_form($s) { + return htmlspecialchars(db_unescape_string($s)); + } + ?> diff --git a/tt-rss.css b/tt-rss.css index 5f771fe6..ec4b5132 100644 --- a/tt-rss.css +++ b/tt-rss.css @@ -1172,6 +1172,12 @@ span.debugTS { font-weight : bold; } +.objectWarn { + color : gray; + padding : 3px; + font-style: italic; +} + table.loginForm2 { padding : 1em; }