Restrict character class for charset capture in Util\ParseUrl

- Address https://github.com/friendica/friendica/issues/9252#issuecomment-698742359

src/Util/ParseUrl.php

@@ -204,7 +204,7 @@ class ParseUrl
 		$charset = '';
 		// Look for a charset, first in headers
 		// Expected form: Content-Type: text/html; charset=ISO-8859-4
-		if (preg_match('/charset=(.+?)\s/', $header, $matches)) {
+		if (preg_match('/charset=([a-z0-9-_.\/]+)/i', $header, $matches)) {
 			$charset = trim(trim(trim(array_pop($matches)), ';,'));
 		}
 
@@ -212,14 +212,18 @@ class ParseUrl
 		// Expected forms:
 		// - <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
 		// - <meta charset="utf-8">
+		// - <meta charset=utf-8>
+		// - <meta charSet="utf-8">
 		// We escape <style> and <script> tags since they can contain irrelevant charset information
 		// (see https://github.com/friendica/friendica/issues/9251#issuecomment-698636806)
 		Strings::performWithEscapedBlocks($body, '#<(?:style|script).*?</(?:style|script)>#ism', function ($body) use (&$charset) {
-			if (preg_match('/charset=["\']?([^\',"]*?)[\'"]/', $body, $matches)) {
+			if (preg_match('/charset=["\']?([a-z0-9-_.\/]+)/i', $body, $matches)) {
 				$charset = trim(trim(trim(array_pop($matches)), ';,'));
 			}
 		});
 
+		$siteinfo['charset'] = $charset;
+
 		if ($charset && strtoupper($charset) != 'UTF-8') {
 			// See https://github.com/friendica/friendica/issues/5470#issuecomment-418351211
 			$charset = str_ireplace('latin-1', 'latin1', $charset);