From a536f94c8d1796d34741d0f10b474b5ec67b496a Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Thu, 17 Dec 2015 09:59:53 +0300 Subject: [PATCH] sanitize: clear out @srcset/@sizes on images leading to http sites when running over https --- include/functions2.php | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/include/functions2.php b/include/functions2.php index 0386b52e..1a0cb6d2 100755 --- a/include/functions2.php +++ b/include/functions2.php @@ -892,6 +892,8 @@ $entries = $xpath->query('(//a[@href]|//img[@src])'); + $ttrss_uses_https = parse_url(get_self_url_prefix(), PHP_URL_SCHEME) === 'https'; + foreach ($entries as $entry) { if ($site_url) { @@ -916,6 +918,21 @@ } if ($entry->nodeName == 'img') { + if ($entry->hasAttribute('src')) { + $is_https_url = parse_url($entry->getAttribute('src'), PHP_URL_SCHEME) === 'https'; + + if ($ttrss_uses_https && !$is_https_url) { + + if ($entry->hasAttribute('srcset')) { + $entry->removeAttribute('srcset'); + } + + if ($entry->hasAttribute('sizes')) { + $entry->removeAttribute('sizes'); + } + } + } + if (($owner && get_pref("STRIP_IMAGES", $owner)) || $force_remove_images || $_SESSION["bw_limit"]) {
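Review bot: The `$ttrss_uses_https` flag added before the `foreach` fails open: when `get_self_url_prefix()` does not report `https`, the srcset/sizes stripping is skipped without any trace. The definition of `get_self_url_prefix()` is not in this patch, so this is conditional, but if it is built from the configured self URL rather than the current request, an instance served over TLS behind a proxy with an `http://` self URL would never strip. A short comment on the assignment would record that dependency, e.g. `// derived from the configured self URL; must be https for the mixed-content stripping below to apply`. The enclosing function starts and ends outside the hunk.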
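Review bot: The new block under `if ($entry->nodeName == 'img')` decides from the scheme of `src` alone, so an image with an https `src` whose `srcset` lists `http://` candidates keeps both attributes and can still trigger a mixed-content fetch on an https instance. Testing the `srcset` value itself would close that gap, for example `if ($ttrss_uses_https && preg_match('/(^|[\s,])http:/i', $entry->getAttribute('srcset')))` before removing `srcset` and `sizes`. The strict `=== 'https'` comparison also treats an upper-case `HTTPS://` source as non-https, and a protocol-relative `//host/img.png` too unless the rewrite earlier in the loop (outside this hunk) has already made it absolute. That only strips attributes unnecessarily, and wrapping the scheme in `strtolower()` removes the case problem. The `hasAttribute()` guards around `removeAttribute()` are not needed, since removing an absent attribute is a no-op.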