From f52d44554e495307fa4612c4ba8557c5b54f4bcb Mon Sep 17 00:00:00 2001
From: Hypolite Petovan <hypolite@mrpetovan.com>
Date: Fri, 25 Sep 2020 06:55:52 -0400
Subject: [PATCH] Add style and script tag escaping when parsing charset in
 Util\ParseUrl

- Address https://github.com/friendica/friendica/issues/9251#issuecomment-698086677
---
 src/Util/ParseUrl.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/Util/ParseUrl.php b/src/Util/ParseUrl.php
index bb3ebbc10b..ce2a0ea966 100644
--- a/src/Util/ParseUrl.php
+++ b/src/Util/ParseUrl.php
@@ -212,9 +212,13 @@ class ParseUrl
 		// Expected forms:
 		// - <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
 		// - <meta charset="utf-8">
-		if (preg_match('/charset=["\']?([^\'"]*?)[\'"]/', $body, $matches)) {
-			$charset = trim(trim(trim(array_pop($matches)), ';,'));
-		}
+		// We escape <style> and <script> tags since they can contain irrelevant charset information
+		// (see https://github.com/friendica/friendica/issues/9251#issuecomment-698636806)
+		Strings::performWithEscapedBlocks($body, '#<(?:style|script).*?</(?:style|script)>#ism', function ($body) use (&$charset) {
+			if (preg_match('/charset=["\']?([^\',"]*?)[\'"]/', $body, $matches)) {
+				$charset = trim(trim(trim(array_pop($matches)), ';,'));
+			}
+		});
 
 		if ($charset && strtoupper($charset) != 'UTF-8') {
 			// See https://github.com/friendica/friendica/issues/5470#issuecomment-418351211