Commit 3e7e3de5 authored by hannes's avatar hannes

don't allow cdata elements in purified html

parent c826fe0a
......@@ -581,7 +581,8 @@ function common_purify($html)
$config = array('safe' => 1, // means that elements=* means elements=*-applet-embed-iframe-object-script or so
'elements' => '*',
'deny_attribute' => 'id,style,on*');
'deny_attribute' => 'id,style,on*',
'cdata' => 1);
// Remove more elements than what the 'safe' filter gives (elements must be '*' before this)
// http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawed_README.htm#s3.6
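Review bot: The new `'cdata' => 1` entry is a bare magic value, and the sibling `comment` option is still left to whatever `'safe' => 1` implies. Per the htmLawed README, `1` for `cdata` means the section is removed, so a trailing comment in the style of the `safe` line would help the next reader: `'cdata' => 1); // 1 = strip CDATA sections entirely`. If the intent is that no non-element markup survives purification, consider pinning `'comment' => 1` explicitly as well, so the behaviour does not depend on the library default. The rest of common_purify lies outside this hunk, so how `$config` is used afterwards cannot be checked from here.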
......@@ -2458,4 +2459,4 @@ function html_sprintf()
function _ve($var)
{
return var_export($var, true);
}
}
\ No newline at end of file