From: Mikael Nordfeldth <mmn@hethane.se>
Date: Thu, 28 Jan 2016 18:01:45 +0000 (+0100)
Subject: Purify oembed html (again)
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=fb7f572eed5fdfe2cb8cdd9ec0b1570d9d63f845;p=quix0rs-gnu-social.git

Purify oembed html (again)

For a commit or two we didn't do this, because htmLawed failed to filter
out CDATA javascript properly, but now we use HTML Purifier which works.
---

diff --git a/plugins/Oembed/lib/oembedhelper.php b/plugins/Oembed/lib/oembedhelper.php
index f76ea0a3c3..2a76ac0f7b 100644
--- a/plugins/Oembed/lib/oembedhelper.php
+++ b/plugins/Oembed/lib/oembedhelper.php
@@ -198,6 +198,9 @@ class oEmbedHelper
         }
         
         $oembed_data = HTTPClient::quickGetJson($api, $params);
+        if (isset($oembed_data->html)) {
+            $oembed_data->html = common_purify($oembed_data->html);
+        }
         
         return $oembed_data;
     }