From: Andrew Dolgov Date: Wed, 16 May 2007 06:50:00 +0000 (+0100) Subject: new option: STRIP_UNSAFE_TAGS X-Git-Tag: schema_freeze_for_1.2.11~33 X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=f826eee150ca01f14f20d8a017bac43d8b0f2a04;p=tt-rss.git new option: STRIP_UNSAFE_TAGS --- diff --git a/functions.php b/functions.php index 8ce6de89..c8ad1c5e 100644 --- a/functions.php +++ b/functions.php @@ -2608,10 +2608,10 @@ function sanitize_rss($str) { $res = $str; - $res = preg_replace('//i', +/* $res = preg_replace('//i', "

Disabled script: ", $res); - $res = preg_replace('/<\/script.*?>/i', "

", $res); + $res = preg_replace('/<\/script.*?>/i', "

", $res); */ /* $res = preg_replace('//i', "", $res); @@ -2619,6 +2619,10 @@ "

(Disabled html object - flash or other embedded content)

", $res); */ + if (get_pref("STRIP_UNSAFE_TAGS")) { + $res = strip_tags($res, "


"); + } + return $res; } diff --git a/schema/ttrss_schema_mysql.sql b/schema/ttrss_schema_mysql.sql index 25c2ec95..3ae45237 100644 --- a/schema/ttrss_schema_mysql.sql +++ b/schema/ttrss_schema_mysql.sql @@ -276,6 +276,9 @@ insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) valu insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('_INFOBOX_DISABLE_OVERLAY', 1, 'false', '', 1); +insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('STRIP_UNSAFE_TAGS', 1, 'true', 'Strip unsafe tags from articles', 3, +'This option strips all, but most common HTML tags when reading articles.'); + create table ttrss_user_prefs ( owner_uid integer not null, pref_name varchar(250), diff --git a/schema/ttrss_schema_pgsql.sql b/schema/ttrss_schema_pgsql.sql index ed109e5f..b529a0a6 100644 --- a/schema/ttrss_schema_pgsql.sql +++ b/schema/ttrss_schema_pgsql.sql @@ -256,6 +256,9 @@ insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) valu insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('_INFOBOX_DISABLE_OVERLAY', 1, 'false', '', 1); +insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('STRIP_UNSAFE_TAGS', 1, 'true', 'Strip unsafe tags from articles', 3, +'This option strips all, but most common HTML tags when reading articles.'); + create table ttrss_user_prefs ( owner_uid integer not null references ttrss_users(id) ON DELETE CASCADE, pref_name varchar(250) not null references ttrss_prefs(pref_name) ON DELETE CASCADE, diff --git a/schema/versions/mysql/17.sql b/schema/versions/mysql/17.sql index 1416be2c..3ddc5a13 100644 --- a/schema/versions/mysql/17.sql +++ b/schema/versions/mysql/17.sql @@ -2,4 +2,7 @@ insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) valu insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('_INFOBOX_DISABLE_OVERLAY', 1, 'false', '', 1); +insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('STRIP_UNSAFE_TAGS', 1, 'true', 'Strip unsafe tags from articles', 3, +'This option strips all, but most common HTML tags when reading articles.'); + update ttrss_version set schema_version = 17; diff --git a/schema/versions/pgsql/17.sql b/schema/versions/pgsql/17.sql index 1416be2c..3ddc5a13 100644 --- a/schema/versions/pgsql/17.sql +++ b/schema/versions/pgsql/17.sql @@ -2,4 +2,7 @@ insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) valu insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('_INFOBOX_DISABLE_OVERLAY', 1, 'false', '', 1); +insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('STRIP_UNSAFE_TAGS', 1, 'true', 'Strip unsafe tags from articles', 3, +'This option strips all, but most common HTML tags when reading articles.'); + update ttrss_version set schema_version = 17;