escape tags on viewsrc output in case it is not text/bbcode.

author: zotlabs <mike@macgirvin.com> 2017-02-25 13:54:39 -0800
committer: zotlabs <mike@macgirvin.com> 2017-02-25 13:56:52 -0800
commit: 919de44a71226e20171635042b01f8dca35498c5 (patch)
tree: da93ab65b2f877d16db1e3250b8846e06d7cf508 /Zotlabs
parent: e9243e9660896ce059a6907230169c82e3b1a0be (diff)
download: volse-hubzilla-919de44a71226e20171635042b01f8dca35498c5.tar.gz
volse-hubzilla-919de44a71226e20171635042b01f8dca35498c5.tar.bz2
volse-hubzilla-919de44a71226e20171635042b01f8dca35498c5.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/Zotlabs/Module/Viewsrc.php b/Zotlabs/Module/Viewsrc.php
index fa755a3ec..cb305efc6 100644
--- a/Zotlabs/Module/Viewsrc.php
+++ b/Zotlabs/Module/Viewsrc.php
@@ -36,7 +36,9 @@ class Viewsrc extends \Zotlabs\Web\Controller {
 			if($r) {
 				if(intval($r[0]['item_obscured']))
 					$r[0]['body'] = crypto_unencapsulate(json_decode($r[0]['body'],true),get_config('system','prvkey')); 
-				$o = (($json) ? json_encode($r[0]['body']) : str_replace("\n",'<br />',$r[0]['body']));
+
+				$content = escape_tags($r[0]['body']);
+				$o = (($json) ? json_encode($content) : str_replace("\n",'<br />',$content));
 			}
 		}
author	zotlabs <mike@macgirvin.com>	2017-02-25 13:54:39 -0800
committer	zotlabs <mike@macgirvin.com>	2017-02-25 13:56:52 -0800
commit	919de44a71226e20171635042b01f8dca35498c5 (patch)
tree	da93ab65b2f877d16db1e3250b8846e06d7cf508 /Zotlabs
parent	e9243e9660896ce059a6907230169c82e3b1a0be (diff)
download	volse-hubzilla-919de44a71226e20171635042b01f8dca35498c5.tar.gz volse-hubzilla-919de44a71226e20171635042b01f8dca35498c5.tar.bz2 volse-hubzilla-919de44a71226e20171635042b01f8dca35498c5.zip