Markdown: don't escape content + sanitize sensible tags

Instead of trying to fix broken content for Markdown parsing, parse it unescaped, then sanatize sensible tags such as scripts, etc.
author: ArthurHoaro <arthur@hoa.ro> 2016-02-19 19:37:13 +0100
committer: ArthurHoaro <arthur@hoa.ro> 2016-02-19 19:37:13 +0100
commit: 2925687e1e86dc113116330efd547b9db5c0f1a6 (patch)
tree: 706706ddfc9472e51494db912f9bee03972ce93f /application
parent: bfec695df1205864b46ca7175e1598b184602687 (diff)
download: Shaarli-2925687e1e86dc113116330efd547b9db5c0f1a6.tar.gz
Shaarli-2925687e1e86dc113116330efd547b9db5c0f1a6.tar.zst
Shaarli-2925687e1e86dc113116330efd547b9db5c0f1a6.zip
1 files changed, 17 insertions, 1 deletions
diff --git a/application/Utils.php b/application/Utils.php
index 10d60698..868946df 100644
--- a/application/Utils.php
+++ b/application/Utils.php
@@ -62,7 +62,11 @@ function endsWith($haystack, $needle, $case=true)
 }
 /**
- * htmlspecialchars wrapper
+ * Htmlspecialchars wrapper
+ *
+ * @param string $str the string to escape.
+ *
+ * @return string escaped.
 */
 function escape($str)
 {
@@ -70,6 +74,18 @@ function escape($str)
 }
 /**
+ * Reverse the escape function.
+ *
+ * @param string $str the string to unescape.
+ *
+ * @return string unescaped string.
+ */
+function unescape($str)
+{
+    return htmlspecialchars_decode($str);
+}
+/**
 * Link sanitization before templating
 */
 function sanitizeLink(&$link)
author	ArthurHoaro <arthur@hoa.ro>	2016-02-19 19:37:13 +0100
committer	ArthurHoaro <arthur@hoa.ro>	2016-02-19 19:37:13 +0100
commit	2925687e1e86dc113116330efd547b9db5c0f1a6 (patch)
tree	706706ddfc9472e51494db912f9bee03972ce93f /application
parent	bfec695df1205864b46ca7175e1598b184602687 (diff)
download	Shaarli-2925687e1e86dc113116330efd547b9db5c0f1a6.tar.gz Shaarli-2925687e1e86dc113116330efd547b9db5c0f1a6.tar.zst Shaarli-2925687e1e86dc113116330efd547b9db5c0f1a6.zip

diff --git a/application/Utils.php b/application/Utils.php index 10d60698..868946df 100644 --- a/application/Utils.php +++ b/application/Utils.php
@@ -62,7 +62,11 @@ function endsWith($haystack, $needle, $case=true)
62	}	62	}
63		63
64	/**	64	/**
65	* htmlspecialchars wrapper	65	* Htmlspecialchars wrapper
		66	*
		67	* @param string $str the string to escape.
		68	*
		69	* @return string escaped.
66	*/	70	*/
67	function escape($str)	71	function escape($str)
68	{	72	{
@@ -70,6 +74,18 @@ function escape($str)
70	}	74	}
71		75
72	/**	76	/**
		77	* Reverse the escape function.
		78	*
		79	* @param string $str the string to unescape.
		80	*
		81	* @return string unescaped string.
		82	*/
		83	function unescape($str)
		84	{
		85	return htmlspecialchars_decode($str);
		86	}
		87
		88	/**
73	* Link sanitization before templating	89	* Link sanitization before templating
74	*/	90	*/
75	function sanitizeLink(&$link)	91	function sanitizeLink(&$link)