authorAndrew Dolgov <[email protected]>2015-12-17 09:59:53 +0300
committerAndrew Dolgov <[email protected]>2015-12-17 09:59:53 +0300
commita536f94c8d1796d34741d0f10b474b5ec67b496a (patch)
tree96987525d7f0435c25981fc29c6b63507bce7a7d /include/functions2.php
parent6eed9a7463443d206bb9f9369b77be70ac84d9de (diff)
sanitize: clear out @srcset/@sizes on images leading to http sites when running over https
Diffstat (limited to 'include/functions2.php')
-rwxr-xr-xinclude/functions2.php17
1 files changed, 17 insertions, 0 deletions
diff --git a/include/functions2.php b/include/functions2.php
index 0386b52ed..1a0cb6d22 100755
--- a/include/functions2.php
+++ b/include/functions2.php
@@ -892,6 +892,8 @@
$entries = $xpath->query('(//a[@href]|//img[@src])');
+ $ttrss_uses_https = parse_url(get_self_url_prefix(), PHP_URL_SCHEME) === 'https';
+
foreach ($entries as $entry) {
if ($site_url) {
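Review bot: The scheme comparison on the added `$ttrss_uses_https` line is case-sensitive, and `parse_url()` returns the scheme as written, so a self URL spelled `HTTPS://…` would leave the flag false and silently switch off the srcset/sizes clean-up in the second hunk. Normalising first avoids that: `$ttrss_uses_https = strtolower((string) parse_url(get_self_url_prefix(), PHP_URL_SCHEME)) === 'https';`. What `get_self_url_prefix()` returns is not visible here, so whether mixed-case values can occur in practice should be confirmed. The enclosing function starts and ends outside the hunk.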
@@ -916,6 +918,21 @@
}
if ($entry->nodeName == 'img') {
+ if ($entry->hasAttribute('src')) {
+ $is_https_url = parse_url($entry->getAttribute('src'), PHP_URL_SCHEME) === 'https';
+
+ if ($ttrss_uses_https && !$is_https_url) {
+
+ if ($entry->hasAttribute('srcset')) {
+ $entry->removeAttribute('srcset');
+ }
+
+ if ($entry->hasAttribute('sizes')) {
+ $entry->removeAttribute('sizes');
+ }
+ }
+ }
+
if (($owner && get_pref("STRIP_IMAGES", $owner)) ||
$force_remove_images || $_SESSION["bw_limit"]) {
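Review bot: The new check in the `img` branch keys only on the scheme of `src`, so an image whose `src` is https but whose `srcset` lists http candidates keeps both attributes and can still cause a plain-http fetch from an https page. Consider testing the `srcset` value as well, e.g. `if ($ttrss_uses_https && (!$is_https_url || stripos($entry->getAttribute('srcset'), 'http:') !== false)) {`, which errs toward removal. The query in the first hunk, `//img[@src]`, also means an `<img>` carrying only `srcset` is never visited, and it makes the inner `hasAttribute('src')` test redundant inside this loop. The enclosing function and the `foreach` body begin and end outside this hunk.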