diff options
| author | Christian Schneider | 2007-03-16 13:46:36 +0000 |
|---|---|---|
| committer | Christian Schneider | 2007-03-16 13:46:36 +0000 |
| commit | a282abd3b5b42b948e5ac7a8debdd59f381c7867 (patch) | |
| tree | 8ef463d52d78d09701e68e3f55a003f5b14490ab | |
| parent | d823ee707d41b7cad97cb8cac73fc04d4b76b760 (diff) | |
| download | itools-a282abd3b5b42b948e5ac7a8debdd59f381c7867.tar.gz itools-a282abd3b5b42b948e5ac7a8debdd59f381c7867.tar.bz2 itools-a282abd3b5b42b948e5ac7a8debdd59f381c7867.zip | |
Make sure a href and img src are properly encoded insanitized html
| -rw-r--r-- | html.class | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -248,13 +248,13 @@ function sanitize($html) { # Link tags, keeps only href attribute list($head, $href, $content, $tail) = $tag; - $result .= it_html::sanitize($head) . "<a href=\"$href\">" . it_html::sanitize($content) . "</a>" . it_html::sanitize($tail); + $result .= it_html::sanitize($head) . '<a href="' . it_html::Q(html_entity_decode($href)) . '">' . it_html::sanitize($content) . "</a>" . it_html::sanitize($tail); } else if ($tag = it::match('(.*)<img[^>]+?src="(' . $urlpattern . ')"[^>]*?>(.*)', $html)) { # Image tags, keeps only src attribute list($head, $src, $tail) = $tag; - $result .= it_html::sanitize($head) . "<img src=\"$src\" alt=\"\" />" . it_html::sanitize($tail); + $result .= it_html::sanitize($head) . '<img src="' . it_html::Q(html_entity_decode($src)) . '" alt="" />' . it_html::sanitize($tail); } else if ($tag = it::match("(.*)<(br)[^>]*>(.*)", $html)) { |