From bed064442ae6acb615b89ff23bd29f444af647e6 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Sun, 28 Oct 2012 12:52:15 +0400
Subject: sanitize: strip comments and cdata sections

---
 include/functions.php | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/include/functions.php b/include/functions.php
index a8f42d6d5..eeed5650d 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -2691,11 +2691,7 @@
 
 		$res = trim($str); if (!$res) return '';
 
-		# we don't support CDATA sections in articles, they break our own escaping
-		$res = preg_replace("/\[\[CDATA/", "", $res);
-		$res = preg_replace("/\]\]\>/", "", $res);
-
-		$config = array('safe' => 1, 'deny_attribute' => 'style');
+		$config = array('safe' => 1, 'deny_attribute' => 'style', 'comment' => 1, 'cdata' => 1);
 		$res = htmLawed($res, $config);
 
 		if (get_pref($link, "STRIP_IMAGES", $owner)) {
-- 
cgit v1.2.3