servers/ttrss
1
0
Fork 0
mirror of https://tt-rss.org/git/tt-rss.git synced 2024-06-26 11:59:02 +02:00
Code Issues Releases Wiki Activity

sanitize: simplify initial attribute processing

Browse Source
This commit is contained in:
Andrew Dolgov 2020-04-29 19:12:29 +03:00
parent 7d9dd51cf4
commit e934e9f05e
1 changed files with 6 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
include/functions.php
View File

@ -1264,7 +1264,7 @@
$rewrite_base_url = $site_url ? $site_url : get_self_url_prefix(); $rewrite_base_url = $site_url ? $site_url : get_self_url_prefix();
$entries = $xpath->query('(//a[@href]|//img[@src]|//video/source[@src]|//audio/source[@src]|//picture/source[@src]|//picture/source[@srcset])'); $entries = $xpath->query('(//a[@href]|//img[@src]|//source[@srcset|@src])');
foreach ($entries as $entry) { foreach ($entries as $entry) {
@ -1273,11 +1273,12 @@
rewrite_relative_url($rewrite_base_url, $entry->getAttribute('href'))); rewrite_relative_url($rewrite_base_url, $entry->getAttribute('href')));
$entry->setAttribute('rel', 'noopener noreferrer'); $entry->setAttribute('rel', 'noopener noreferrer');
$entry->setAttribute("target", "_blank");
} }
if ($entry->hasAttribute('src')) { if ($entry->hasAttribute('src')) {
$src = rewrite_relative_url($rewrite_base_url, $entry->getAttribute('src')); $entry->setAttribute('src',
$entry->setAttribute('src', $src); rewrite_relative_url($rewrite_base_url, $entry->getAttribute('src')));
} }
if ($entry->nodeName == 'img') { if ($entry->nodeName == 'img') {
@ -1321,17 +1322,10 @@
$entry->parentNode->parentNode->replaceChild($p, $entry->parentNode); $entry->parentNode->parentNode->replaceChild($p, $entry->parentNode);
} else if ($entry->nodeName == 'img') { } else if ($entry->nodeName == 'img') {
if ($entry->parentNode) if ($entry->parentNode)
$entry->parentNode->replaceChild($p, $entry); $entry->parentNode->replaceChild($p, $entry);
} }
} }
if (strtolower($entry->nodeName) == "a") {
$entry->setAttribute("target", "_blank");
$entry->setAttribute("rel", "noopener noreferrer");
}
} }
$entries = $xpath->query('//iframe'); $entries = $xpath->query('//iframe');
@ -1377,7 +1371,7 @@
$doc->removeChild($doc->firstChild); //remove doctype $doc->removeChild($doc->firstChild); //remove doctype
$doc = strip_harmful_tags($doc, $allowed_elements, $disallowed_attributes); $doc = strip_harmful_tags($doc, $allowed_elements, $disallowed_attributes);
if ($highlight_words) { if ($highlight_words && is_array($highlight_words)) {
foreach ($highlight_words as $word) { foreach ($highlight_words as $word) {
// http://stackoverflow.com/questions/4081372/highlight-keywords-in-a-paragraph // http://stackoverflow.com/questions/4081372/highlight-keywords-in-a-paragraph
@ -1767,6 +1761,7 @@
*/ */
function error_json($code) { function error_json($code) {
require_once "errors.php"; require_once "errors.php";
global $ERRORS;
@$message = $ERRORS[$code]; @$message = $ERRORS[$code];