don't allow cdata elements in purified html
This commit is contained in:
parent
c826fe0af4
commit
3e7e3de554
|
@ -581,7 +581,8 @@ function common_purify($html)
|
|||
|
||||
$config = array('safe' => 1, // means that elements=* means elements=*-applet-embed-iframe-object-script or so
|
||||
'elements' => '*',
|
||||
'deny_attribute' => 'id,style,on*');
|
||||
'deny_attribute' => 'id,style,on*',
|
||||
'cdata' => 1);
|
||||
|
||||
// Remove more elements than what the 'safe' filter gives (elements must be '*' before this)
|
||||
// http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawed_README.htm#s3.6
|
||||
|
@ -2458,4 +2459,4 @@ function html_sprintf()
|
|||
function _ve($var)
|
||||
{
|
||||
return var_export($var, true);
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user