fix for the rendering side of issue #412. We traditionally store all
"user generated" content with ENT_COMPAT encoding to reduce the attack vector for JS CSS exploits. This may present compatibility issues sharing wikis to platforms which do not provide such CSS protection. We can either decide that wikis are inherently insecure and filter them on render (with an associated performance penalty), or keep the existing method of filtering on store. I'm not making that choice. I'm merely fixing the obvious rendering issue in mono-platform viewing.
This commit is contained in:
redmatrix
parent
3035c792dc
commit
8d298d5a06
@ -125,7 +125,7 @@ class Wiki extends \Zotlabs\Web\Controller {
|
||||
notice('Error retrieving page content' . EOL);
|
||||
goaway('/'.argv(0).'/'.argv(1).'/'.$wikiUrlName);
|
||||
}
|
||||
$content = ($p['content'] !== '' ? $p['content'] : '"# New page\n"');
|
||||
$content = ($p['content'] !== '' ? htmlspecialchars_decode($p['content'],ENT_COMPAT) : '"# New page\n"');
|
||||
// Render the Markdown-formatted page content in HTML
|
||||
require_once('library/markdown.php');
|
||||
$renderedContent = wiki_convert_links(Markdown(json_decode($content)),argv(0).'/'.argv(1).'/'.$wikiUrlName);
|
||||
|
||||
Reference in New Issue
Block a user