sanitize: force strip unnecessary data outside of <body>...</body> tags generated by DOMDocument::saveHTML()

2025-12-13 11:25:56 +00:00 · 2016-04-29 21:59:34 +03:00
parent 977cea1438
commit 42f78188d0
1 changed files with 8 additions and 1 deletions
--- a/include/functions2.php
+++ b/include/functions2.php
@@ -1034,7 +1034,14 @@

 		$res = $doc->saveHTML();

-		return $res;
+		/* strip everything outside of <body>...</body> */
+
+		$res_frag = array();
+		if (preg_match('/<body>(.*)<\/body>/is', $res, $res_frag)) {
+			return $res_frag[1];
+		} else {
+			return $res;
+		}
 	}

 	function strip_harmful_tags($doc, $allowed_elements, $disallowed_attributes) {