Commit 2f62149d authored by Jared Hancock

html: Reduce dependency on htmlchars

Previously, html-like content would have to be run through Format::htmlchars
before being passed to Format::sanitize, because things that looked like
invalid html content would be removed.
parent c8a59047
...@@ -206,7 +206,7 @@ class Format { ...@@ -206,7 +206,7 @@ class Format {
function safe_html($html) { function safe_html($html) {
// Remove HEAD and STYLE sections // Remove HEAD and STYLE sections
$html = preg_replace( $html = preg_replace(
array(':<(head|style).+</\1>:is', # <head> and <style> sections array(':<(head|style|script).+</\1>:is', # <head> and <style> sections
':<!\[[^]<]+\]>:', # <![if !mso]> and friends ':<!\[[^]<]+\]>:', # <![if !mso]> and friends
':<!DOCTYPE[^>]+>:', # <!DOCTYPE ... > ':<!DOCTYPE[^>]+>:', # <!DOCTYPE ... >
), ),
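Review bot: In the first pattern, `.+` is greedy and the `s` flag lets it cross newlines, so when the input holds more than one `<script>` (or `<style>`) block the match runs from the first opening tag to the last closing tag and everything between them is dropped, legitimate body text included. A non-greedy `.+?` keeps each removal to a single element. The trailing comment still reads `# <head> and <style> sections` and the line above it says "Remove HEAD and STYLE sections"; both should mention script now. Also note that a `<script>` with no closing tag does not match this pattern at all, so that case depends entirely on the sanitizer options further down.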
...@@ -217,6 +217,7 @@ class Format { ...@@ -217,6 +217,7 @@ class Format {
'balance' => 1, //balance and close unclosed tags. 'balance' => 1, //balance and close unclosed tags.
'comment' => 1, //Remove html comments (OUTLOOK LOVE THEM) 'comment' => 1, //Remove html comments (OUTLOOK LOVE THEM)
'tidy' => -1, 'tidy' => -1,
'keep_bad' => 1,
'deny_attribute' => 'id', 'deny_attribute' => 'id',
'schemes' => 'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; *:file, http, https; src: cid, http, https, data', 'schemes' => 'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; *:file, http, https; src: cid, http, https, data',
'hook_tag' => function($e, $a=0) { return Format::__html_cleanup($e, $a); }, 'hook_tag' => function($e, $a=0) { return Format::__html_cleanup($e, $a); },