authorAndrew Dolgov <[email protected]>2012-10-28 12:52:15 +0400
committerAndrew Dolgov <[email protected]>2012-10-28 12:52:15 +0400
commitbed064442ae6acb615b89ff23bd29f444af647e6 (patch)
tree6a00e0c29345f763b1a63e85d8cc5123e43a0ba8 /include
parentc7fe1b4e9e392e0b9ffa55151c43ea7e2e2ee709 (diff)
sanitize: strip comments and cdata sections
Diffstat (limited to 'include')
-rw-r--r--include/functions.php6
1 files changed, 1 insertions, 5 deletions
diff --git a/include/functions.php b/include/functions.php
index a8f42d6d5..eeed5650d 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -2691,11 +2691,7 @@
$res = trim($str); if (!$res) return '';
- # we don't support CDATA sections in articles, they break our own escaping
- $res = preg_replace("/\[\[CDATA/", "", $res);
- $res = preg_replace("/\]\]\>/", "", $res);
-
- $config = array('safe' => 1, 'deny_attribute' => 'style');
+ $config = array('safe' => 1, 'deny_attribute' => 'style', 'comment' => 1, 'cdata' => 1);
$res = htmLawed($res, $config);
if (get_pref($link, "STRIP_IMAGES", $owner)) {
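Review bot: The new `$config` line passes a bare `1` for `'comment'` and `'cdata'` with no explanation, and the commit deletes the only comment that said why CDATA is unwanted here ("they break our own escaping"). Going by the commit title, these values make htmLawed strip both kinds of section, but a reader of the file alone cannot tell that from the literals; a one-line comment above the array would keep the rationale, e.g. `# htmLawed: comment/cdata = 1 strips HTML comments and CDATA sections, which would otherwise break our own escaping`. As far as the hunk shows, this call is now the only place the sanitizer deals with CDATA, so the comment should also say that the stripping depends on the bundled htmLawed honouring these two keys. The enclosing function starts and ends outside the hunk.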