authorChristian Schneider2009-09-08 15:26:56 +0000
committerChristian Schneider2009-09-08 15:26:56 +0000
commit8197be3061db8bd2f57910fa30d6adf34b04e824 (patch)
tree5c6ffb1ca085a2c5f827622f38c51a2d777be947 /it_html.class
parentfdb49bcc7704cbf46014dae6091f61235dab01cb (diff)
Use U() to sanitize URLs in it_html::sanitize and adapted test cases to it
Diffstat (limited to 'it_html.class')
-rw-r--r--it_html.class4
1 files changed, 2 insertions, 2 deletions
diff --git a/it_html.class b/it_html.class
index 039f649..2175dd3 100644
--- a/it_html.class
+++ b/it_html.class
@@ -395,13 +395,13 @@ function sanitize($html)
{
# Link tags, keeps only href attribute
list($head, $href, $content, $tail) = $tag;
- $result .= it_html::sanitize($head) . '<a href="' . it_html::Q(html_entity_decode($href), ENT_COMPAT, $charset) . '">' . it_html::sanitize($content) . "</a>" . it_html::sanitize($tail);
+ $result .= it_html::sanitize($head) . '<a href="' . it_html::Q(it_html::U(html_entity_decode($href, ENT_COMPAT, $charset))) . '">' . it_html::sanitize($content) . "</a>" . it_html::sanitize($tail);
}
else if ($tag = it::match('(.*)<img\b[^>]+?src="(' . $urlpattern . ')"[^>]*?>(.*)', $html))
{
# Image tags, keeps only src attribute
list($head, $src, $tail) = $tag;
- $result .= it_html::sanitize($head) . '<img src="' . it_html::Q(html_entity_decode($src, ENT_COMPAT, $charset)) . '" alt="" />' . it_html::sanitize($tail);
+ $result .= it_html::sanitize($head) . '<img src="' . it_html::Q(it_html::U(html_entity_decode($src, ENT_COMPAT, $charset))) . '" alt="" />' . it_html::sanitize($tail);
}
else if ($tag = it::match("(.*)<(br|/tr)\b[^>]*>(.*)", $html))
{
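Review bot: The URL is validated before it is decoded: on the `<img>` branch `$urlpattern` is matched against the raw attribute text, and only afterwards does `html_entity_decode()` produce the string that goes through `U()` and `Q()` into the output (the `<a>` branch presumably does the same, but its match sits above the hunk). Whether that gap matters depends on what `$urlpattern` admits and on whether `U()` rejects or merely re-encodes unexpected characters, neither of which is visible here; if the pattern allows `&`, `#` and `;`, the decoded value can contain characters the pattern itself would not have accepted. I would decode first, e.g. `$url = html_entity_decode($src, ENT_COMPAT, $charset);`, and re-check `$url` against `$urlpattern` before building the tag, dropping the tag when it no longer matches. A comment such as `# decode entities, U() normalizes the URL, Q() escapes it for the attribute` on both branches would also record why the three calls are nested in this order. `sanitize()` begins and continues outside this hunk.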