[fix] content is now cleaned by HTML purifier from prevent XSS attack

[github/wallabag/wallabag.git] / inc / poche / global.inc.php

diff --git a/inc/poche/global.inc.php b/inc/poche/global.inc.php
index e2beade1f2c3904c35daef0fba3f18d5c3a53055..d22b05887e8ea85f86017a763d4ecaeef2a7d940 100644 (file)
--- a/inc/poche/global.inc.php
+++ b/inc/poche/global.inc.php
@@ -29,6 +29,8 @@ require_once INCLUDES . '/3rdparty/libraries/feedwriter/FeedItem.php';
 require_once INCLUDES . '/3rdparty/libraries/feedwriter/FeedWriter.php';
 require_once INCLUDES . '/3rdparty/FlattrItem.class.php';
 
+require_once INCLUDES . '/3rdparty/htmlpurifier/HTMLPurifier.auto.php';
+
 # Composer its autoloader for automatically loading Twig
 if (! file_exists(ROOT . '/vendor/autoload.php')) {
     Poche::$canRenderTemplates = false;