]> git.mxchange.org Git - quix0rs-gnu-social.git/commitdiff
projects / quix0rs-gnu-social.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7e6783b)
Purify oembed html (again)
authorMikael Nordfeldth <mmn@hethane.se>
Thu, 28 Jan 2016 18:01:45 +0000 (19:01 +0100)
committerMikael Nordfeldth <mmn@hethane.se>
Thu, 28 Jan 2016 18:02:16 +0000 (19:02 +0100)
For a commit or two we didn't do this, because htmLawed failed to filter
out CDATA javascript properly, but now we use HTML Purifier which works.

plugins/Oembed/lib/oembedhelper.php patch | blob | history

diff --git a/plugins/Oembed/lib/oembedhelper.php b/plugins/Oembed/lib/oembedhelper.php
index f76ea0a3c31af05a7c0e4eee48023f1c5b0a31e7..2a76ac0f7b0dd17b60fe0c97f267b6bceb7f2e46 100644 (file)
--- a/plugins/Oembed/lib/oembedhelper.php
+++ b/plugins/Oembed/lib/oembedhelper.php
@@ -198,6 +198,9 @@ class oEmbedHelper
         }
         
         $oembed_data = HTTPClient::quickGetJson($api, $params);
+        if (isset($oembed_data->html)) {
+            $oembed_data->html = common_purify($oembed_data->html);
+        }
         
         return $oembed_data;
     }
This is my personal clone from the wonderful software GNUSocial. I may fix or break things here, so use it on your own risk. :-)