From a282abd3b5b42b948e5ac7a8debdd59f381c7867 Mon Sep 17 00:00:00 2001
From: Christian Schneider
Date: Fri, 16 Mar 2007 13:46:36 +0000
Subject: Make sure a href and img src are properly encoded insanitized html
---
 html.class | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/html.class b/html.class
index 473923b..f6cfb62 100644
--- a/html.class
+++ b/html.class
@@ -248,13 +248,13 @@ function sanitize($html)
 {
 # Link tags, keeps only href attribute
 list($head, $href, $content, $tail) = $tag;
- $result .= it_html::sanitize($head) . "" . it_html::sanitize($content) . "" . it_html::sanitize($tail);
+ $result .= it_html::sanitize($head) . '' . it_html::sanitize($content) . "" . it_html::sanitize($tail);
 }
 else if ($tag = it::match('(.*)]+?src="(' . $urlpattern . ')"[^>]*?>(.*)', $html))
 {
 # Image tags, keeps only src attribute
 list($head, $src, $tail) = $tag;
- $result .= it_html::sanitize($head) . "\"\"" . it_html::sanitize($tail);
+ $result .= it_html::sanitize($head) . '' . it_html::sanitize($tail);
 }
 else if ($tag = it::match("(.*)<(br)[^>]*>(.*)", $html))
 {
-- 
cgit v1.2.3
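Review bot: Which URL schemes and characters reach the rebuilt `src` attribute is still decided only by `$urlpattern`, which is defined outside this hunk and concatenated into the `it::match()` pattern of the image branch; the output encoding added on the two `$result .=` lines guards against attribute breakout but does not constrain the scheme. A comment above each branch would record that split of duties, e.g. `# URL is HTML-encoded below; allowed schemes and characters are whatever $urlpattern accepts`. The diffstat touches only html.class, so a regression case that feeds sanitize() a link and an image whose URL contains `&` would pin the new behaviour. The body of sanitize() starts and ends outside the hunk and the href match is not visible here, so the same point presumably applies to the link branch.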