From 232862ae08661ecca4d0688001904648b7894a8a Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Sat, 25 Feb 2017 13:54:39 -0800
Subject: escape tags on viewsrc output in case it is not text/bbcode.

---
 Zotlabs/Module/Viewsrc.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Module/Viewsrc.php b/Zotlabs/Module/Viewsrc.php
index fa755a3ec..cb305efc6 100644
--- a/Zotlabs/Module/Viewsrc.php
+++ b/Zotlabs/Module/Viewsrc.php
@@ -36,7 +36,9 @@ class Viewsrc extends \Zotlabs\Web\Controller {
 			if($r) {
 				if(intval($r[0]['item_obscured']))
 					$r[0]['body'] = crypto_unencapsulate(json_decode($r[0]['body'],true),get_config('system','prvkey')); 
-				$o = (($json) ? json_encode($r[0]['body']) : str_replace("\n",'<br />',$r[0]['body']));
+
+				$content = escape_tags($r[0]['body']);
+				$o = (($json) ? json_encode($content) : str_replace("\n",'<br />',$content));
 			}
 		}
 	
-- 
cgit v1.2.3