From 919de44a71226e20171635042b01f8dca35498c5 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Sat, 25 Feb 2017 13:54:39 -0800
Subject: [PATCH] escape tags on viewsrc output in case it is not text/bbcode.

---
 Zotlabs/Module/Viewsrc.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Zotlabs/Module/Viewsrc.php b/Zotlabs/Module/Viewsrc.php
index fa755a3ec..cb305efc6 100644
--- a/Zotlabs/Module/Viewsrc.php
+++ b/Zotlabs/Module/Viewsrc.php
@@ -36,7 +36,9 @@ class Viewsrc extends \Zotlabs\Web\Controller {
 			if($r) {
 				if(intval($r[0]['item_obscured']))
 					$r[0]['body'] = crypto_unencapsulate(json_decode($r[0]['body'],true),get_config('system','prvkey')); 
-				$o = (($json) ? json_encode($r[0]['body']) : str_replace("\n",'<br />',$r[0]['body']));
+
+				$content = escape_tags($r[0]['body']);
+				$o = (($json) ? json_encode($content) : str_replace("\n",'<br />',$content));
 			}
 		}