authorArthurHoaro <arthur@hoa.ro>2016-02-19 19:37:13 +0100
committerArthurHoaro <arthur@hoa.ro>2016-02-19 19:37:13 +0100
commit2925687e1e86dc113116330efd547b9db5c0f1a6 (patch)
tree706706ddfc9472e51494db912f9bee03972ce93f /application
parentbfec695df1205864b46ca7175e1598b184602687 (diff)
downloadShaarli-2925687e1e86dc113116330efd547b9db5c0f1a6.tar.gz
Shaarli-2925687e1e86dc113116330efd547b9db5c0f1a6.tar.zst
Shaarli-2925687e1e86dc113116330efd547b9db5c0f1a6.zip
Markdown: don't escape content + sanitize sensible tags
Instead of trying to fix broken content for Markdown parsing, parse it unescaped, then sanitize sensitive tags such as scripts.
Diffstat (limited to 'application')
-rw-r--r--application/Utils.php18
1 files changed, 17 insertions, 1 deletions
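--- a/application/Utils.php
+++ b/application/Utils.php
@@ -62,7 +62,11 @@ function endsWith($haystack, $needle, $case=true)
 }
 
 /**
- * htmlspecialchars wrapper
+ * Htmlspecialchars wrapper
+ *
+ * @param string $str the string to escape.
+ *
+ * @return string escaped.
  */
 function escape($str)
 {
@@ -70,6 +74,18 @@ function escape($str)
 }
 
 /**
+ * Reverse the escape function.
+ *
+ * @param string $str the string to unescape.
+ *
+ * @return string unescaped string.
+ */
+function unescape($str)
+{
+    return htmlspecialchars_decode($str);
+}
+
+/**
  * Link sanitization before templating
  */
 function sanitizeLink(&$link)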
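Review bot: `unescape()` calls `htmlspecialchars_decode($str)` with the default flags, which on PHP versions before 8.1 means ENT_COMPAT and leaves `&#039;` undecoded, so the round trip with `escape()` is only exact if both functions use the same quote flags; `escape()`'s body lies outside the hunk, so this needs confirming, and if it passes ENT_QUOTES the decode should mirror it: `return htmlspecialchars_decode($str, ENT_QUOTES);`. The new docblock also omits the contract that matters most to callers, since the result is raw HTML: `* The returned string is unescaped HTML and must go through the Markdown sanitizer (or be re-escaped) before being output.` The two docblocks differ in style (`escaped.` versus `unescaped string.`); aligning the `@return` wording would keep the pair consistent.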