From 42f78188d010458d140ab1305c056e9c9c755e92 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Fri, 29 Apr 2016 21:59:34 +0300 Subject: [PATCH] sanitize: force strip unnecessary data outside of ... tags generated by DOMDocument::saveHTML() --- include/functions2.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/include/functions2.php b/include/functions2.php index 1c2ffb936..0a4f4309e 100644 --- a/include/functions2.php +++ b/include/functions2.php @@ -1034,7 +1034,14 @@ $res = $doc->saveHTML(); - return $res; + /* strip everything outside of ... */ + + $res_frag = array(); + if (preg_match('/(.*)<\/body>/is', $res, $res_frag)) { + return $res_frag[1]; + } else { + return $res; + } } function strip_harmful_tags($doc, $allowed_elements, $disallowed_attributes) {