From d48d160c64f104785a6a52372271100e1a9803c6 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@bah.spb.su>
Date: Sat, 5 Aug 2006 13:00:01 +0100
Subject: disable scripts in rss entry content

---
 functions.php |  7 +++++++
 tt-rss.css    | 12 ++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/functions.php b/functions.php
index 2e65f7a35..133a8ccf9 100644
--- a/functions.php
+++ b/functions.php
@@ -530,6 +530,13 @@
 
 				}
 
+				# sanitize content
+				$entry_content = preg_replace('/<script.*?>/i', 
+					"<p class=\"scriptWarn\">", $entry_content);
+
+				$entry_content = preg_replace('/<\/script>/i', 
+					"</p>", $entry_content);
+
 				db_query($link, "BEGIN");
 
 				if (db_num_rows($result) == 0) {
diff --git a/tt-rss.css b/tt-rss.css
index f69d2444e..8d29213ba 100644
--- a/tt-rss.css
+++ b/tt-rss.css
@@ -1145,3 +1145,15 @@ span.debugTS {
 #backReqBox {
 	display : none;
 }
+
+.scriptWarn:before {
+	content : "Disabled script:";
+}
+
+.scriptWarn {
+	color : white;
+	background-color : #903030;
+	border : 1px solid #601010;
+	padding : 3px;
+	font-weight : bold;
+}
-- 
cgit v1.2.3