From: Andrew Dolgov
Date: Sun, 28 Oct 2012 08:52:15 +0000 (+0400)
Subject: sanitize: strip comments and cdata sections
X-Git-Tag: 1.6.1~48
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=bed064442ae6acb615b89ff23bd29f444af647e6;p=tt-rss.git
sanitize: strip comments and cdata sections
---
diff --git a/include/functions.php b/include/functions.php
index a8f42d6d..eeed5650 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -2691,11 +2691,7 @@
 $res = trim($str); if (!$res) return '';
- # we don't support CDATA sections in articles, they break our own escaping
- $res = preg_replace("/\[\[CDATA/", "", $res);
- $res = preg_replace("/\]\]\>/", "", $res);
-
- $config = array('safe' => 1, 'deny_attribute' => 'style');
+ $config = array('safe' => 1, 'deny_attribute' => 'style', 'comment' => 1, 'cdata' => 1);
 $res = htmLawed($res, $config);
 if (get_pref($link, "STRIP_IMAGES", $owner)) {
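Review bot: The bare `1` values for `comment` and `cdata` on the new `$config` line carry the whole sanitising decision but are undocumented. As far as I recall htmLawed's option table, 1 removes the section together with its content, whereas the deleted `preg_replace` lines only removed the CDATA delimiters and left the text in place. A comment above the array would make the intent reviewable, e.g. `# htmLawed: comment/cdata = 1 drops the whole section, content included; feed HTML is untrusted`. It is worth confirming against a feed whose article body is wrapped in a CDATA section that the text still renders, since it would now presumably be dropped rather than unwrapped. The enclosing function starts and ends outside this hunk.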