
Double htmlPurifying in system/Text/Parser.php, why?


TSP


In: 

	public function parse( $value )
	{		
		/* CKEditor sometimes includes these for markers. HTMLPurifier will remove the style attribute so we need to strip them first */
		$value = str_replace( '<span style="display: none;">&nbsp;</span>', '', $value );
				
		/* Clean HTML */
		if ( $value and $this->htmlPurifier )
		{
			$value = $this->htmlPurifier->purify( $value );
		}

		/* BBCode, Profanity, etc. */
		if ( $value )
		{
			$value = $this->_parseContent( $value );
		}
						
		/* Clean HTML */
		if ( $value and $this->htmlPurifier )
		{
			$value = $this->htmlPurifier->purify( $value );
		}

What's the reasoning behind running it twice through the purifier? Wouldn't it be enough to just do it once? Either before or after _parseContent.

I'm also wondering how "safe" you would consider it to be to comment out the second purifier step to speed up the post conversion task running after an upgrade from 3.4.
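Added example, not part of the original post and not code from the forum software: a sketch of how the position of a sanitizing pass relative to a markup-generating step changes what that pass can vouch for. `toyPurify()`, `toyBbcode()` and `hasDisallowedHref()` are hypothetical stand-ins for HTMLPurifier and `_parseContent()`, and the input string is constructed.

```php
<?php
// Added illustration. toyPurify() and toyBbcode() are hypothetical stand-ins:
// they are NOT HTMLPurifier and NOT the _parseContent() method from the post.

/** Stand-in sanitizer: removes any href whose value is not an http(s) URL. */
function toyPurify(string $html): string
{
    return preg_replace_callback(
        '/\shref="([^"]*)"/i',
        fn(array $m) => preg_match('#^https?://#i', $m[1]) ? $m[0] : '',
        $html
    );
}

/** Stand-in markup step: expands [url=X]text[/url] into an anchor, trusting X. */
function toyBbcode(string $text): string
{
    return preg_replace('/\[url=([^\]]+)\](.*?)\[\/url\]/is', '<a href="$1">$2</a>', $text);
}

/** True if the HTML still carries an href that the sanitizer would have removed. */
function hasDisallowedHref(string $html): bool
{
    return $html !== toyPurify($html);
}

// Constructed input: raw HTML plus a BBCode link with a non-http scheme.
$input = '<b>hi</b> [url=javascript:void(0)]click[/url]';

$pipelines = [
    'purify, then parse'    => fn(string $v) => toyBbcode(toyPurify($v)),
    'parse, then purify'    => fn(string $v) => toyPurify(toyBbcode($v)),
    'purify, parse, purify' => fn(string $v) => toyPurify(toyBbcode(toyPurify($v))),
];

foreach ($pipelines as $name => $run) {
    $out = $run($input);
    printf("%-22s %-8s %s\n", $name, hasDisallowedHref($out) ? 'UNSAFE' : 'clean', $out);
}
```

Only the pipeline that sanitizes before the parsing step and never again leaves the disallowed `href` in place, because that attribute did not exist until the parsing step generated it.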

Archived

This topic is now archived and is closed to further replies.
