sanitize: force strip unnecessary data outside of <body>...</body> tags generated...

author Andrew Dolgov <noreply@fakecake.org>

Fri, 29 Apr 2016 18:59:34 +0000 (21:59 +0300)

committer Andrew Dolgov <noreply@fakecake.org>

Fri, 29 Apr 2016 18:59:34 +0000 (21:59 +0300)
author Andrew Dolgov <noreply@fakecake.org>
Fri, 29 Apr 2016 18:59:34 +0000 (21:59 +0300)
committer Andrew Dolgov <noreply@fakecake.org>
Fri, 29 Apr 2016 18:59:34 +0000 (21:59 +0300)
diff --git a/include/functions2.php b/include/functions2.php

index 1c2ffb9369329532ad8c0571fd98e039f9f6f5f4..0a4f4309ee2dacb8df786ebe6dfa6a21eb095cde 100644 (file)
--- a/include/functions2.php
+++ b/include/functions2.php
@@ -1034,7 +1034,14 @@
  
                 $res = $doc->saveHTML();
  
-               return $res;
+               /* strip everything outside of <body>...</body> */
+
+               $res_frag = array();
+               if (preg_match('/<body>(.*)<\/body>/is', $res, $res_frag)) {
+                       return $res_frag[1];
+               } else {
+                       return $res;
+               }
         }
  
         function strip_harmful_tags($doc, $allowed_elements, $disallowed_attributes) {
author	Andrew Dolgov <noreply@fakecake.org>
	Fri, 29 Apr 2016 18:59:34 +0000 (21:59 +0300)
committer	Andrew Dolgov <noreply@fakecake.org>
	Fri, 29 Apr 2016 18:59:34 +0000 (21:59 +0300)