Merge pull request #8111 from annando/tag-entities
Tags and mentions should be escaped
This commit is contained in:
commit
a0bf7a8c94
|
@ -447,13 +447,13 @@ class Term
|
||||||
$item['body'] = str_replace($orig_tag, $tag['url'], $item['body']);
|
$item['body'] = str_replace($orig_tag, $tag['url'], $item['body']);
|
||||||
}
|
}
|
||||||
|
|
||||||
$return['hashtags'][] = $prefix . '<a href="' . $tag['url'] . '" target="_blank">' . $tag['term'] . '</a>';
|
$return['hashtags'][] = $prefix . '<a href="' . $tag['url'] . '" target="_blank">' . htmlspecialchars($tag['term']) . '</a>';
|
||||||
$return['tags'][] = $prefix . '<a href="' . $tag['url'] . '" target="_blank">' . $tag['term'] . '</a>';
|
$return['tags'][] = $prefix . '<a href="' . $tag['url'] . '" target="_blank">' . htmlspecialchars($tag['term']) . '</a>';
|
||||||
break;
|
break;
|
||||||
case self::MENTION:
|
case self::MENTION:
|
||||||
$tag['url'] = Contact::magicLink($tag['url']);
|
$tag['url'] = Contact::magicLink($tag['url']);
|
||||||
$return['mentions'][] = $prefix . '<a href="' . $tag['url'] . '" target="_blank">' . $tag['term'] . '</a>';
|
$return['mentions'][] = $prefix . '<a href="' . $tag['url'] . '" target="_blank">' . htmlspecialchars($tag['term']) . '</a>';
|
||||||
$return['tags'][] = $prefix . '<a href="' . $tag['url'] . '" target="_blank">' . $tag['term'] . '</a>';
|
$return['tags'][] = $prefix . '<a href="' . $tag['url'] . '" target="_blank">' . htmlspecialchars($tag['term']) . '</a>';
|
||||||
break;
|
break;
|
||||||
case self::IMPLICIT_MENTION:
|
case self::IMPLICIT_MENTION:
|
||||||
$return['implicit_mentions'][] = $prefix . $tag['term'];
|
$return['implicit_mentions'][] = $prefix . $tag['term'];
|
||||||
|
|
Loading…
Reference in a new issue