authorAndrew Dolgov <[email protected]>2021-09-24 08:40:06 +0300
committerAndrew Dolgov <[email protected]>2021-09-24 08:40:06 +0300
commit949e2ab4d283244594414fa09d100187865c0657 (patch)
treed2540d97426405b9aa3280520f613ab5650099a0
parent8ed927dbd2b54aaabe6be75f9fcf4145e2c3249a (diff)
properly sanitize video poster attribute
-rw-r--r--classes/sanitizer.php7
1 files changed, 6 insertions, 1 deletions
diff --git a/classes/sanitizer.php b/classes/sanitizer.php
index 0a444a296..3f6e9504e 100644
--- a/classes/sanitizer.php
+++ b/classes/sanitizer.php
@@ -68,7 +68,7 @@ class Sanitizer {
// $rewrite_base_url = $site_url ? $site_url : Config::get_self_url();
$rewrite_base_url = $site_url ? $site_url : "http://domain.invalid/";
- $entries = $xpath->query('(//a[@href]|//img[@src]|//source[@srcset|@src])');
+ $entries = $xpath->query('(//a[@href]|//img[@src]|//source[@srcset|@src]|//video[@poster])');
foreach ($entries as $entry) {
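Review bot: The new `//video[@poster]` step selects a video element only when it carries a poster, so a `<video src="…">` without one never enters this loop and its `src` gets none of the handling applied here. If no other part of the sanitizer covers that attribute (not visible in this hunk), widen the predicate to `//video[@poster|@src]`, in line with how `source` is selected by `@srcset|@src`. The loop body continues outside the hunk.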
@@ -100,6 +100,11 @@ class Sanitizer {
$entry->setAttribute("srcset", RSSUtils::encode_srcset($matches));
}
+ if ($entry->hasAttribute('poster')) {
+ $entry->setAttribute('poster',
+ UrlHelper::rewrite_relative($rewrite_base_url, $entry->getAttribute('poster'), $entry->tagName, "poster"));
+ }
+
if ($entry->hasAttribute('src') &&
($owner && get_pref(Prefs::STRIP_IMAGES, $owner)) || $force_remove_images || ($_SESSION["bw_limit"] ?? false)) {
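Review bot: The poster URL is rewritten but is not removed when images are meant to be stripped: the condition right after the added block tests only `src` in its `Prefs::STRIP_IMAGES` arm, so a `<video poster="…">` with no `src` attribute keeps a remote image that the client fetches on render. A poster is an image load like any `img`, so consider dropping it under the same settings, for example `$entry->removeAttribute('poster');` inside the stripping path. Separately, `&&` binds tighter than `||` in that condition, so `$force_remove_images` and `bw_limit` match every selected entry regardless of `src`, and that set now includes video elements; what the branch does to them lies outside the hunk and is worth checking.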