diff options
| author | Andrew Dolgov <[email protected]> | 2006-08-05 13:00:01 +0100 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2006-08-05 13:00:01 +0100 |
| commit | d48d160c64f104785a6a52372271100e1a9803c6 (patch) | |
| tree | 5a17a47f340884ca6879b51bb0acd7d73ae50169 | |
| parent | 5c365f6055ffe61ddcc5f2e306499945e34ddf09 (diff) | |
disable scripts in rss entry content
| -rw-r--r-- | functions.php | 7 | ||||
| -rw-r--r-- | tt-rss.css | 12 |
2 files changed, 19 insertions, 0 deletions
diff --git a/functions.php b/functions.php index 2e65f7a35..133a8ccf9 100644 --- a/functions.php +++ b/functions.php @@ -530,6 +530,13 @@ } + # sanitize content + $entry_content = preg_replace('/<script.*?>/i', + "<p class=\"scriptWarn\">", $entry_content); + + $entry_content = preg_replace('/<\/script>/i', + "</p>", $entry_content); + db_query($link, "BEGIN"); if (db_num_rows($result) == 0) { diff --git a/tt-rss.css b/tt-rss.css index f69d2444e..8d29213ba 100644 --- a/tt-rss.css +++ b/tt-rss.css @@ -1145,3 +1145,15 @@ span.debugTS { #backReqBox { display : none; } + +.scriptWarn:before { + content : "Disabled script:"; +} + +.scriptWarn { + color : white; + background-color : #903030; + border : 1px solid #601010; + padding : 3px; + font-weight : bold; +} |