From: Andrew Dolgov Date: Thu, 17 Dec 2015 06:59:53 +0000 (+0300) Subject: sanitize: clear out @srcset/@sizes on images leading to http sites when running over... X-Git-Tag: 16.3~69 X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=a536f94c8d1796d34741d0f10b474b5ec67b496a;p=tt-rss.git sanitize: clear out @srcset/@sizes on images leading to http sites when running over https --- diff --git a/include/functions2.php b/include/functions2.php index 0386b52e..1a0cb6d2 100755 --- a/include/functions2.php +++ b/include/functions2.php @@ -892,6 +892,8 @@ $entries = $xpath->query('(//a[@href]|//img[@src])'); + $ttrss_uses_https = parse_url(get_self_url_prefix(), PHP_URL_SCHEME) === 'https'; + foreach ($entries as $entry) { if ($site_url) { @@ -916,6 +918,21 @@ } if ($entry->nodeName == 'img') { + if ($entry->hasAttribute('src')) { + $is_https_url = parse_url($entry->getAttribute('src'), PHP_URL_SCHEME) === 'https'; + + if ($ttrss_uses_https && !$is_https_url) { + + if ($entry->hasAttribute('srcset')) { + $entry->removeAttribute('srcset'); + } + + if ($entry->hasAttribute('sizes')) { + $entry->removeAttribute('sizes'); + } + } + } + if (($owner && get_pref("STRIP_IMAGES", $owner)) || $force_remove_images || $_SESSION["bw_limit"]) {