From 9f6919ae81fa0194d097bacc8956a05efb6db2c8 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite
Date: Sun, 18 Nov 2018 11:35:13 +0100
Subject: Strip embedded SVG images for now (#2135) Fix https://github.com/FreshRSS/FreshRSS/issues/2106 Proper SVG support would require custom sanitizing and URL rewriting of xlink:href, and is left for future work
---
 lib/lib_rss.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index c445874c8..333920c8c 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -226,6 +226,7 @@ function customSimplePie($attributes = array()) {
 'font', 'form', 'frame', 'frameset', 'html', 'link', 'input', 'marquee', 'meta', 'noscript', 'object', 'param', 'plaintext', 'script', 'style',
+ 'svg', //TODO: Support SVG after sanitizing and URL rewriting of xlink:href
 ));
 $simplePie->strip_attributes(array_merge($simplePie->strip_attributes, array( 'autoplay', 'class', 'onload', 'onunload', 'onclick', 'ondblclick', 'onmousedown', 'onmouseup',
-- cgit v1.2.3
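Review bot: The added `'svg'` entry only protects readers if the sanitizer drops the whole `<svg>` subtree, and this hunk does not show how `strip_htmltags` treats a listed tag. If it unwraps the element and keeps its children, SVG child elements and their `xlink:href` attributes would still reach the rendered article, so this should be confirmed, presumably with a regression test that feeds an entry containing an embedded SVG. The visible part of the `strip_attributes` list does not include `xlink:href`, though the list continues past the hunk. The TODO would be easier to track if it named the issue, e.g. `'svg',	// TODO (#2106): re-enable once SVG is sanitized and xlink:href is rewritten`. The body of `customSimplePie` starts and ends outside the hunk.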