diff options
author | ArthurHoaro <arthur@hoa.ro> | 2016-02-19 19:37:13 +0100 |
---|---|---|
committer | ArthurHoaro <arthur@hoa.ro> | 2016-02-19 19:37:13 +0100 |
commit | 2925687e1e86dc113116330efd547b9db5c0f1a6 (patch) | |
tree | 706706ddfc9472e51494db912f9bee03972ce93f /application/Utils.php | |
parent | bfec695df1205864b46ca7175e1598b184602687 (diff) | |
download | Shaarli-2925687e1e86dc113116330efd547b9db5c0f1a6.tar.gz Shaarli-2925687e1e86dc113116330efd547b9db5c0f1a6.tar.zst Shaarli-2925687e1e86dc113116330efd547b9db5c0f1a6.zip |
Markdown: don't escape content + sanitize sensible tags
Instead of trying to fix broken content for Markdown parsing, parse it unescaped, then sanatize sensible tags such as scripts, etc.
Diffstat (limited to 'application/Utils.php')
-rw-r--r-- | application/Utils.php | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/application/Utils.php b/application/Utils.php index 10d60698..868946df 100644 --- a/application/Utils.php +++ b/application/Utils.php | |||
@@ -62,7 +62,11 @@ function endsWith($haystack, $needle, $case=true) | |||
62 | } | 62 | } |
63 | 63 | ||
64 | /** | 64 | /** |
65 | * htmlspecialchars wrapper | 65 | * Htmlspecialchars wrapper |
66 | * | ||
67 | * @param string $str the string to escape. | ||
68 | * | ||
69 | * @return string escaped. | ||
66 | */ | 70 | */ |
67 | function escape($str) | 71 | function escape($str) |
68 | { | 72 | { |
@@ -70,6 +74,18 @@ function escape($str) | |||
70 | } | 74 | } |
71 | 75 | ||
72 | /** | 76 | /** |
77 | * Reverse the escape function. | ||
78 | * | ||
79 | * @param string $str the string to unescape. | ||
80 | * | ||
81 | * @return string unescaped string. | ||
82 | */ | ||
83 | function unescape($str) | ||
84 | { | ||
85 | return htmlspecialchars_decode($str); | ||
86 | } | ||
87 | |||
88 | /** | ||
73 | * Link sanitization before templating | 89 | * Link sanitization before templating |
74 | */ | 90 | */ |
75 | function sanitizeLink(&$link) | 91 | function sanitizeLink(&$link) |