diff options
author | Andrew Dolgov <[email protected]> | 2016-04-29 21:59:34 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2016-04-29 21:59:34 +0300 |
commit | 42f78188d010458d140ab1305c056e9c9c755e92 (patch) | |
tree | 6c1e3013c14dccc1d251e81aba73827dd857cd8a /include/functions2.php | |
parent | 977cea1438dafcdc98756b070a1383e5887d64c1 (diff) |
sanitize: force strip unnecessary data outside of <body>...</body> tags generated by DOMDocument::saveHTML()
Diffstat (limited to 'include/functions2.php')
-rw-r--r-- | include/functions2.php | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/include/functions2.php b/include/functions2.php index 1c2ffb936..0a4f4309e 100644 --- a/include/functions2.php +++ b/include/functions2.php @@ -1034,7 +1034,14 @@ $res = $doc->saveHTML(); - return $res; + /* strip everything outside of <body>...</body> */ + + $res_frag = array(); + if (preg_match('/<body>(.*)<\/body>/is', $res, $res_frag)) { + return $res_frag[1]; + } else { + return $res; + } } function strip_harmful_tags($doc, $allowed_elements, $disallowed_attributes) { |