Merge pull request fossar#293 from seanrand/fix-entities-html-tags

Decode HTML entities before passing title or content to htmLawed
seanrand · Apr 27, 2013 · d82e988 · d82e988
2 parents 714c657 + ac523ba
commit d82e988
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/helpers/ContentLoader.php b/helpers/ContentLoader.php
@@ -106,7 +106,7 @@ public function fetch($source) {
 
             // sanitize content html
             $content = htmLawed(
-                $item->getContent(), 
+                html_entity_decode($item->getContent()),
                 array(
                     "safe"           => 1,
                     "deny_attribute" => '* -alt -title -src -href',
@@ -116,7 +116,7 @@ public function fetch($source) {
                     "elements"       => 'div,p,ul,li,a,img,dl,dt,h1,h2,h3,h4,h5,h6,ol,br,table,tr,td,blockquote,pre,ins,del,th,thead,tbody,b,i,strong,em,tt'
                 )
             );
-            $title = htmLawed($item->getTitle(), array("deny_attribute" => "*", "elements" => "-*"));
+            $title = htmLawed(html_entity_decode($item->getTitle()), array("deny_attribute" => "*", "elements" => "-*"));
             \F3::get('logger')->log('item content sanitized', \DEBUG);
 
             $icon = $item->getIcon();