aboutsummaryrefslogtreecommitdiffstats
path: root/library/HTMLPurifier.auto.php
diff options
context:
space:
mode:
authorredmatrix <git@macgirvin.com>2016-06-26 22:26:45 -0700
committerredmatrix <git@macgirvin.com>2016-06-26 22:26:45 -0700
commit8d298d5a068845856c9827c0d2ea3f02f1399d72 (patch)
treecaf7b545d84fab3aeeaee2dea8e36726e96cfe51 /library/HTMLPurifier.auto.php
parent3035c792dcef91cd679034ee67eb2b28ed6f3d35 (diff)
downloadvolse-hubzilla-8d298d5a068845856c9827c0d2ea3f02f1399d72.tar.gz
volse-hubzilla-8d298d5a068845856c9827c0d2ea3f02f1399d72.tar.bz2
volse-hubzilla-8d298d5a068845856c9827c0d2ea3f02f1399d72.zip
fix for the rendering side of issue #412. We traditionally store all
"user generated" content with ENT_COMPAT encoding to reduce the attack vector for JS CSS exploits. This may present compatibility issues sharing wikis to platforms which do not provide such CSS protection. We can either decide that wikis are inherently insecure and filter them on render (with an associated performance penalty), or keep the existing method of filtering on store. I'm not making that choice. I'm merely fixing the obvious rendering issue in mono-platform viewing.
Diffstat (limited to 'library/HTMLPurifier.auto.php')
0 files changed, 0 insertions, 0 deletions