Commit 632d5f11 authored by hannes's avatar hannes

html in source field is not safe

parent e83d89e9
......@@ -522,6 +522,9 @@ class QvitterPlugin extends Plugin {
function onNoticeSimpleStatusArray($notice, &$twitter_status, $scoped)
{
// strip tags from source, we can't trust html here, because of gs bug
$twitter_status['source'] = htmlspecialchars(strip_tags($twitter_status['source']));
// groups
$notice_groups = $notice->getGroups();
$group_addressees = false;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment