diff options
| author | Andrew Dolgov <[email protected]> | 2020-04-29 19:12:29 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2020-04-29 19:12:29 +0300 |
| commit | e934e9f05e9315907dfebb83685510c0961c34aa (patch) | |
| tree | 92828f62e81fba20d58f43394b097f51b8d81254 /include/functions.php | |
| parent | 7d9dd51cf4ac5947bbf15ff5d2b263ec8e1f72e9 (diff) | |
sanitize: simplify initial attribute processing
Diffstat (limited to 'include/functions.php')
| -rw-r--r-- | include/functions.php | 17 |
1 files changed, 6 insertions, 11 deletions
diff --git a/include/functions.php b/include/functions.php index da409ed01..fb05b0f5c 100644 --- a/include/functions.php +++ b/include/functions.php @@ -1264,7 +1264,7 @@ $rewrite_base_url = $site_url ? $site_url : get_self_url_prefix(); - $entries = $xpath->query('(//a[@href]|//img[@src]|//video/source[@src]|//audio/source[@src]|//picture/source[@src]|//picture/source[@srcset])'); + $entries = $xpath->query('(//a[@href]|//img[@src]|//source[@srcset|@src])'); foreach ($entries as $entry) { @@ -1273,11 +1273,12 @@ rewrite_relative_url($rewrite_base_url, $entry->getAttribute('href'))); $entry->setAttribute('rel', 'noopener noreferrer'); + $entry->setAttribute("target", "_blank"); } if ($entry->hasAttribute('src')) { - $src = rewrite_relative_url($rewrite_base_url, $entry->getAttribute('src')); - $entry->setAttribute('src', $src); + $entry->setAttribute('src', + rewrite_relative_url($rewrite_base_url, $entry->getAttribute('src'))); } if ($entry->nodeName == 'img') { @@ -1321,17 +1322,10 @@ $entry->parentNode->parentNode->replaceChild($p, $entry->parentNode); } else if ($entry->nodeName == 'img') { - if ($entry->parentNode) $entry->parentNode->replaceChild($p, $entry); - } } - - if (strtolower($entry->nodeName) == "a") { - $entry->setAttribute("target", "_blank"); - $entry->setAttribute("rel", "noopener noreferrer"); - } } $entries = $xpath->query('//iframe'); @@ -1377,7 +1371,7 @@ $doc->removeChild($doc->firstChild); //remove doctype $doc = strip_harmful_tags($doc, $allowed_elements, $disallowed_attributes); - if ($highlight_words) { + if ($highlight_words && is_array($highlight_words)) { foreach ($highlight_words as $word) { // http://stackoverflow.com/questions/4081372/highlight-keywords-in-a-paragraph @@ -1767,6 +1761,7 @@ */ function error_json($code) { require_once "errors.php"; + global $ERRORS; @$message = $ERRORS[$code]; |