From fb7f572eed5fdfe2cb8cdd9ec0b1570d9d63f845 Mon Sep 17 00:00:00 2001 From: Mikael Nordfeldth Date: Thu, 28 Jan 2016 19:01:45 +0100 Subject: [PATCH] Purify oembed html (again) For a commit or two we didn't do this, because htmLawed failed to filter out CDATA javascript properly, but now we use HTML Purifier which works. --- plugins/Oembed/lib/oembedhelper.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/plugins/Oembed/lib/oembedhelper.php b/plugins/Oembed/lib/oembedhelper.php index f76ea0a3c3..2a76ac0f7b 100644 --- a/plugins/Oembed/lib/oembedhelper.php +++ b/plugins/Oembed/lib/oembedhelper.php @@ -198,6 +198,9 @@ class oEmbedHelper } $oembed_data = HTTPClient::quickGetJson($api, $params); + if (isset($oembed_data->html)) { + $oembed_data->html = common_purify($oembed_data->html); + } return $oembed_data; } -- 2.39.5