SimplePie_Sanitize::sanitize does not strip attributes correctly. #36

Closed
rmccue opened this Issue Sep 29, 2009 · 1 comment

1 participant

@rmccue
SimplePie member

Originally reported by Anonymous as issue 142

While parsing an RSS feed, sanitize failed to strip class and style attributes correctly. I stripped the offending CDATA to this:

<description><![CDATA[
<img src="" class="" style=""/>
]]>

        </description>

Playing around, I removed the "/" at the end of the img tag and suddenly it worked! So, I went to the sanitize method and tweaked the regex used to clean up attributes (somewhere around line 14874). Essentially, I changed the very tail end of it from

'>/'

to

'\/?>/'

to allow for a closing slash. That seems to have fixed it.

Using Build 20090627192103

@rmccue
SimplePie member

Fixed as of 878c83c since we now use DOM parsing.

@rmccue rmccue closed this Jan 16, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment