From bed064442ae6acb615b89ff23bd29f444af647e6 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Sun, 28 Oct 2012 12:52:15 +0400
Subject: [PATCH] sanitize: strip comments and cdata sections
---
 include/functions.php | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/include/functions.php b/include/functions.php
index a8f42d6d5..eeed5650d 100644
--- include/functions.php
+++ include/functions.php
@@ -2691,11 +2691,7 @@
 $res = trim($str); if (!$res) return '';
- # we don't support CDATA sections in articles, they break our own escaping
- $res = preg_replace("/\[\[CDATA/", "", $res);
- $res = preg_replace("/\]\]\>/", "", $res);
-
- $config = array('safe' => 1, 'deny_attribute' => 'style');
+ $config = array('safe' => 1, 'deny_attribute' => 'style', 'comment' => 1, 'cdata' => 1);
 $res = htmLawed($res, $config);
 if (get_pref($link, "STRIP_IMAGES", $owner)) {
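Review bot: The new `$config` line has no comment, while the deleted lines carried the only explanation of why CDATA is unwanted here (it breaks the application's own escaping). As I read the htmLawed documentation, `'comment' => 1` and `'cdata' => 1` mean "remove", so the text inside a comment or CDATA section is now dropped from the article rather than passed on with its delimiters stripped; that is the safer handling of untrusted feed markup, but it is a visible change that should be recorded next to the setting. I would add above the assignment: `# comment/cdata = 1: htmLawed removes HTML comments and CDATA sections, contents included; they break our own escaping`. The enclosing function starts and ends outside the hunk, so what later steps do with `$res` is not visible here.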