
Double htmlPurifying in system/Text/Parser.php, why?


TSP


In: 

	public function parse( $value )
	{		
		/* CKEditor sometimes includes these for markers. HTMLPurifier will remove the style attribute so we need to strip them first */
		$value = str_replace( '<span style="display: none;">&nbsp;</span>', '', $value );
				
		/* Clean HTML */
		if ( $value and $this->htmlPurifier )
		{
			$value = $this->htmlPurifier->purify( $value );
		}

		/* BBCode, Profanity, etc. */
		if ( $value )
		{
			$value = $this->_parseContent( $value );
		}
						
		/* Clean HTML */
		if ( $value and $this->htmlPurifier )
		{
			$value = $this->htmlPurifier->purify( $value );
		}

What's the reasoning for running it twice through the purifier? Wouldn't it be enough to just do it once? Either before or after _parseContent.

I'm also wondering how "safe" you would consider it to be to comment out the second purifier step to speed up the post conversion task running after an upgrade from 3.4.

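An added example, not part of the original post and not IPS code: a toy version of the purify / parse / purify order quoted above, showing that markup generated by the middle step has never been through the purifier unless a second pass runs. It assumes the `ezyang/htmlpurifier` Composer package is installed; `toyParseContent()` and `pipeline()` are hypothetical names, and the naive BBCode rule is a stand-in for `_parseContent()`, not a copy of it.

```php
<?php
// Added illustration, not IPS code. Assumes ezyang/htmlpurifier is installed
// via Composer; toyParseContent() is a hypothetical stand-in for _parseContent().
require __DIR__ . '/vendor/autoload.php';

$purifier = new HTMLPurifier( HTMLPurifier_Config::createDefault() );

/* Deliberately naive BBCode step: copies the tag argument into an attribute. */
function toyParseContent( string $value ): string
{
	return preg_replace( '~\[url=([^\]\s]+)\](.*?)\[/url\]~s', '<a href="$1">$2</a>', $value );
}

/* Same order as parse() in the post; $secondPass toggles the final purify(). */
function pipeline( HTMLPurifier $purifier, string $value, bool $secondPass ): string
{
	$value = $purifier->purify( $value );   // sees only what the user typed
	$value = toyParseContent( $value );     // emits new markup built from it
	return $secondPass ? $purifier->purify( $value ) : $value;
}

/* Constructed sample input: it contains no HTML, so the first pass has nothing to remove. */
$post = 'See [url=javascript:void(0)]this link[/url]';

foreach ( [ false, true ] as $secondPass )
{
	$out = pipeline( $purifier, $post, $secondPass );
	printf( "second pass %-3s => %s\n", $secondPass ? 'on' : 'off', $out );
	printf( "  javascript: URI present? %s\n", stripos( $out, 'javascript:' ) !== false ? 'yes' : 'no' );
}
```

Whether the second pass can be skipped for a conversion task therefore depends on whether every piece of markup the parse step can emit is already constrained by that step itself.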

Archived

This topic is now archived and is closed to further replies.
