new option: STRIP_UNSAFE_TAGS

diff --git a/functions.php b/functions.php
index 8ce6de89f5776ca44ae5c667268b28e23b20b225..c8ad1c5ea84989e1d2877552a72904883f4f4e52 100644 (file)
--- a/functions.php
+++ b/functions.php
@@ -2608,10 +2608,10 @@
        function sanitize_rss($str) {
                $res = $str;
 
-               $res = preg_replace('/<script.*?>/i', 
+/*             $res = preg_replace('/<script.*?>/i', 
                        "<p class=\"scriptWarn\">Disabled script: ", $res);
 
-               $res = preg_replace('/<\/script.*?>/i', "</p>", $res);
+               $res = preg_replace('/<\/script.*?>/i', "</p>", $res); */
 
 /*             $res = preg_replace('/<embed.*?>/i', "", $res);
 
@@ -2619,6 +2619,10 @@
                        "<p class=\"objectWarn\">(Disabled html object 
                        - flash or other embedded content)</p>", $res);  */
 
+               if (get_pref("STRIP_UNSAFE_TAGS")) {
+                       $res = strip_tags($res, "<p><a><i><em><b><strong><blockquote><br><img>");
+               }
+
                return $res;
        }
 

diff --git a/schema/ttrss_schema_mysql.sql b/schema/ttrss_schema_mysql.sql
index 25c2ec95e2b9029dfde3dd4cd764215d7447c299..3ae4523707a2d410a89ac7cecc831925fd08e9f6 100644 (file)
--- a/schema/ttrss_schema_mysql.sql
+++ b/schema/ttrss_schema_mysql.sql
@@ -276,6 +276,9 @@ insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) valu
 
 insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('_INFOBOX_DISABLE_OVERLAY', 1, 'false', '', 1);
 
+insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('STRIP_UNSAFE_TAGS', 1, 'true', 'Strip unsafe tags from articles', 3,
+'This option strips all, but most common HTML tags when reading articles.');
+
 create table ttrss_user_prefs (
    owner_uid integer not null,
    pref_name varchar(250),

diff --git a/schema/ttrss_schema_pgsql.sql b/schema/ttrss_schema_pgsql.sql
index ed109e5fd1abaca166e4b52a11ac44ae9bc52908..b529a0a6530e3d2fa89d19dd755336f05c186807 100644 (file)
--- a/schema/ttrss_schema_pgsql.sql
+++ b/schema/ttrss_schema_pgsql.sql
@@ -256,6 +256,9 @@ insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) valu
 
 insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('_INFOBOX_DISABLE_OVERLAY', 1, 'false', '', 1);
 
+insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('STRIP_UNSAFE_TAGS', 1, 'true', 'Strip unsafe tags from articles', 3,
+'This option strips all, but most common HTML tags when reading articles.');
+
 create table ttrss_user_prefs (
        owner_uid integer not null references ttrss_users(id) ON DELETE CASCADE,
        pref_name varchar(250) not null references ttrss_prefs(pref_name) ON DELETE CASCADE,

diff --git a/schema/versions/mysql/17.sql b/schema/versions/mysql/17.sql
index 1416be2c1e149a5d6b7e3baafd915629341b0114..3ddc5a13ec9bc9f8ccaf5009e299e39481b7b0e4 100644 (file)
--- a/schema/versions/mysql/17.sql
+++ b/schema/versions/mysql/17.sql
@@ -2,4 +2,7 @@ insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) valu
 
 insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('_INFOBOX_DISABLE_OVERLAY', 1, 'false', '', 1);
 
+insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('STRIP_UNSAFE_TAGS', 1, 'true', 'Strip unsafe tags from articles', 3,
+'This option strips all, but most common HTML tags when reading articles.');
+
 update ttrss_version set schema_version = 17;

diff --git a/schema/versions/pgsql/17.sql b/schema/versions/pgsql/17.sql
index 1416be2c1e149a5d6b7e3baafd915629341b0114..3ddc5a13ec9bc9f8ccaf5009e299e39481b7b0e4 100644 (file)
--- a/schema/versions/pgsql/17.sql
+++ b/schema/versions/pgsql/17.sql
@@ -2,4 +2,7 @@ insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) valu
 
 insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('_INFOBOX_DISABLE_OVERLAY', 1, 'false', '', 1);
 
+insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('STRIP_UNSAFE_TAGS', 1, 'true', 'Strip unsafe tags from articles', 3,
+'This option strips all, but most common HTML tags when reading articles.');
+
 update ttrss_version set schema_version = 17;