hmm, this patch will also remove this: <a href="javascript:alert()">
? or that should be a container sanitization business? ropu On Wed, Nov 19, 2008 at 12:32 AM, <[EMAIL PROTECTED]> wrote:
> Author: chabotc
> Date: Wed Nov 19 02:32:04 2008
> New Revision: 718927
>
> URL: http://svn.apache.org/viewvc?rev=718927&view=rev
> Log:
> SHINDIG-544 - strip any non-allowed tags
>
> Modified:
> incubator/shindig/trunk/php/src/social/model/Activity.php
>
> Modified: incubator/shindig/trunk/php/src/social/model/Activity.php
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/social/model/Activity.php?rev=718927&r1=718926&r2=718927&view=diff
>
> ==============================================================================
> --- incubator/shindig/trunk/php/src/social/model/Activity.php (original)
> +++ incubator/shindig/trunk/php/src/social/model/Activity.php Wed Nov 19
> 02:32:04 2008
> @@ -1,4 +1,5 @@
> <?php
> +
> /*
> * Licensed to the Apache Software Foundation (ASF) under one
> * or more contributor license agreements. See the NOTICE file
> @@ -183,7 +184,7 @@
>
> public function setTitle($title)
> {
> - $this->title = $title;
> + $this->title = strip_tags($title, '<b><i><a><span><img>');
> }
>
> public function getTitleId()
> @@ -215,4 +216,5 @@
> {
> $this->userId = $userId;
> }
> +
> }
>
>
> -- .-. --- .--. ..- R o p u
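Review bot: The `strip_tags()` call added in `setTitle` filters on tag names only and leaves every attribute of the allowed tags untouched, so a title can still carry event-handler attributes (`onerror`, `onmouseover`) or `style` on `<img>`, `<span>` and `<a>`. If titles are rendered as HTML in another user's view, that remains a stored-script path unless a later layer filters attributes, and nothing in this hunk shows such a layer. At minimum the setter should state the limit, e.g. `// strip_tags() only restricts tag names; attributes on the allowed tags are NOT sanitized here`. Attribute allow-listing (for example by parsing with `DOMDocument` and dropping every attribute not explicitly permitted) should happen before the title is emitted.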

