fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-02 01:52:10 +09:00
Code Issues Projects Releases Packages Wiki Activity

Object XSS defense with HTML Purifier

Browse source 
git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@10580 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
ovclas 2012-04-20 08:26:01 +00:00
parent 7ea7157ce7
commit 9c5fa20b24
1 changed files with 10 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

11
config/func.inc.php
View file

@ -697,7 +697,16 @@
// xmp tag 확인 및 추가
$content = checkXmpTag($content);
return $content;
// purifier setting
require_once _XE_PATH_.'classes/security/htmlpurifier/library/HTMLPurifier.auto.php';
require_once 'HTMLPurifier.func.php';
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.TidyLevel', 'light');
$config->set('HTML.SafeObject', true);
$purifier = new HTMLPurifier($config);
$content = $purifier->purify($content);
return $content;
}
/**