Defect #142
SimplePie_Sanitize::sanitize does not strip attributes correctly.
| Status: | Unconfirmed | Start: | 2009-07-29 | |
| Priority: | Medium | Due date: | ||
| Assigned to: | - | % Done: | 0% |
|
| Category: | - | |||
| Target version: | - | |||
| Affected Version: | 1.2 |
PHP Version: | 5.2.10 |
|
| mbstring enabled: | No |
iconv enabled: | Yes |
|
| cURL enabled: | Yes |
zlib enabled: | Yes |
|
Description
While parsing an RSS feed, sanitize failed to strip class and style attributes correctly. I stripped the offending CDATA to this:
<description><![CDATA[
<img src="" class="" style=""/>
]]>
</description>
Playing around, I removed the "/" at the end of the img tag and suddenly it worked! So, I went to the sanitize method and tweaked the regex used to clean up attributes (somewhere around line 14874). Essentially, I changed the very tail end of it from
'>/'to
'\/?>/'to allow for a closing slash. That seems to have fixed it.
Using Build 20090627192103