Diffstat (limited to 'format.c')
| -rw-r--r-- | format.c | 15 |
1 files changed, 10 insertions, 5 deletions
| @@ -185,6 +185,7 @@ d_char *sanitize(const char *content) | |||
| 185 | xs *s1 = xs_strip(xs_crop(xs_dup(v), v[1] == '/' ? 2 : 1, -1)); | 185 | xs *s1 = xs_strip(xs_crop(xs_dup(v), v[1] == '/' ? 2 : 1, -1)); |
| 186 | xs *l1 = xs_split_n(s1, " ", 1); | 186 | xs *l1 = xs_split_n(s1, " ", 1); |
| 187 | xs *tag = xs_tolower(xs_dup(xs_list_get(l1, 0))); | 187 | xs *tag = xs_tolower(xs_dup(xs_list_get(l1, 0))); |
| 188 | xs *s2 = NULL; | ||
| 188 | int i; | 189 | int i; |
| 189 | 190 | ||
| 190 | /* check if it's one of the valid tags */ | 191 | /* check if it's one of the valid tags */ |
| @@ -194,14 +195,18 @@ d_char *sanitize(const char *content) | |||
| 194 | } | 195 | } |
| 195 | 196 | ||
| 196 | if (valid_tags[i]) { | 197 | if (valid_tags[i]) { |
| 197 | /* accepted tag */ | 198 | /* accepted tag: rebuild it with only the accepted elements */ |
| 198 | s = xs_str_cat(s, v); | 199 | xs *el = xs_regex_match(v, "(href|rel|class|target)=\"[^\"]*\""); |
| 200 | xs *s3 = xs_join(el, " "); | ||
| 201 | |||
| 202 | s2 = xs_fmt("<%s%s %s>", v[1] == '/' ? "/" : "", tag, s3); | ||
| 199 | } | 203 | } |
| 200 | else { | 204 | else { |
| 201 | /* bad tag */ | 205 | /* bad tag: escape it */ |
| 202 | xs *s2 = xs_replace(v, "<", "<"); | 206 | s2 = xs_replace(v, "<", "<"); |
| 203 | s = xs_str_cat(s, s2); | ||
| 204 | } | 207 | } |
| 208 | |||
| 209 | s = xs_str_cat(s, s2); | ||
| 205 | } | 210 | } |
| 206 | else { | 211 | else { |
| 207 | /* non-tag */ | 212 | /* non-tag */ |
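Review bot: The allow-list pattern at new line 199 keeps the value of `href` verbatim, so the URL scheme of a link in incoming content is never checked and a non-web scheme would pass through sanitize() inside an otherwise accepted tag. I would constrain the value in the same pattern, for example `"(href=\"(https?://|mailto:)[^\"]*\"|(rel|class|target)=\"[^\"]*\")"`, with the scheme list adjusted to what the project wants to allow and assuming xs_regex_match takes POSIX extended syntax, which this hunk does not show. The pattern is also not anchored to an attribute boundary, so it matches the tail of a longer name such as `data-href="..."`; requiring a preceding space would close that. The format string at new line 202 always emits a space before `>`, so a tag with no matching attribute comes out as `<p >` or `</p >`. The valid_tags lookup loop and the rest of sanitize() lie outside the hunk.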