Strip embedded SVG images for now (#2135)

Fix https://github.com/FreshRSS/FreshRSS/issues/2106 Proper SVG support would require custom sanitizing and URL rewriting of xlink:href, and is left for future work
2026-05-14 02:03:55 -04:00 · 2018-11-18 11:35:13 +01:00
parent f26b8f3f31
commit 9f6919ae81
1 changed files with 1 additions and 0 deletions
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -226,6 +226,7 @@ function customSimplePie($attributes = array()) {
 		'font', 'form', 'frame', 'frameset', 'html',
 		'link', 'input', 'marquee', 'meta', 'noscript',
 		'object', 'param', 'plaintext', 'script', 'style',
+		'svg',	//TODO: Support SVG after sanitizing and URL rewriting of xlink:href
 	));
 	$simplePie->strip_attributes(array_merge($simplePie->strip_attributes, array(
 		'autoplay', 'class', 'onload', 'onunload', 'onclick', 'ondblclick', 'onmousedown', 'onmouseup',