pierre/wallabag
1
0
Fork 0
forked from wallabag/wallabag
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

[fix] content is now cleaned by HTML purifier from prevent XSS attack

Browse Source
This commit is contained in:
Nicolas Lœuillet
2014-02-21 15:44:13 +01:00
parent d4949327ef
commit 1570a65381
2 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
inc/poche/global.inc.php
View File

@ -29,6 +29,8 @@ require_once INCLUDES . '/3rdparty/libraries/feedwriter/FeedItem.php';
require_once INCLUDES . '/3rdparty/libraries/feedwriter/FeedWriter.php';
require_once INCLUDES . '/3rdparty/FlattrItem.class.php';
require_once INCLUDES . '/3rdparty/htmlpurifier/HTMLPurifier.auto.php';
# Composer its autoloader for automatically loading Twig
if (! file_exists(ROOT . '/vendor/autoload.php')) {
Poche::$canRenderTemplates = false;