mexon/friendica
1
0
Fork 0
Code Pull requests Activity

Merge pull request #9272 from MrPetovan/bug/parse-url-charset

Browse source 
Add style and script tag escaping when parsing charset in Util\ParseUrl
This commit is contained in:
Michael Vogel 2020-09-25 13:26:00 +02:00 committed by GitHub
parent 6d4454582d f52d44554e
commit 60d1630d3a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/Util/ParseUrl.php
View file

@ -212,9 +212,13 @@ class ParseUrl
// Expected forms:
// - <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
// - <meta charset="utf-8">
if (preg_match('/charset=["\']?([^\'"]*?)[\'"]/', $body, $matches)) {
$charset = trim(trim(trim(array_pop($matches)), ';,'));
}
// We escape <style> and <script> tags since they can contain irrelevant charset information
// (see https://github.com/friendica/friendica/issues/9251#issuecomment-698636806)
Strings::performWithEscapedBlocks($body, '#<(?:style|script).*?</(?:style|script)>#ism', function ($body) use (&$charset) {
if (preg_match('/charset=["\']?([^\',"]*?)[\'"]/', $body, $matches)) {
$charset = trim(trim(trim(array_pop($matches)), ';,'));
}
});
if ($charset && strtoupper($charset) != 'UTF-8') {
// See https://github.com/friendica/friendica/issues/5470#issuecomment-418351211