diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2018-11-18 11:35:13 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2018-11-18 11:35:13 +0100 |
| commit | 9f6919ae81fa0194d097bacc8956a05efb6db2c8 (patch) | |
| tree | 1c12991ce4bd1adf38212934c9972da866729d95 | |
| parent | f26b8f3f310df60693deab7d977dd5fcc3adaf09 (diff) | |
Strip embedded SVG images for now (#2135)
Fix https://github.com/FreshRSS/FreshRSS/issues/2106
Proper SVG support would require custom sanitizing and URL rewriting of
xlink:href, and is left for future work
| -rw-r--r-- | lib/lib_rss.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/lib_rss.php b/lib/lib_rss.php index c445874c8..333920c8c 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -226,6 +226,7 @@ function customSimplePie($attributes = array()) { 'font', 'form', 'frame', 'frameset', 'html', 'link', 'input', 'marquee', 'meta', 'noscript', 'object', 'param', 'plaintext', 'script', 'style', + 'svg', //TODO: Support SVG after sanitizing and URL rewriting of xlink:href )); $simplePie->strip_attributes(array_merge($simplePie->strip_attributes, array( 'autoplay', 'class', 'onload', 'onunload', 'onclick', 'ondblclick', 'onmousedown', 'onmouseup', |