From 85d99f07925f9e0efca8f7af179dd71612395e4f Mon Sep 17 00:00:00 2001 From: randhirexpresstech Date: Fri, 23 Feb 2024 20:04:16 +0530 Subject: [PATCH] sanitize content server side --- php/classes/class-qsm-results-pages.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/php/classes/class-qsm-results-pages.php b/php/classes/class-qsm-results-pages.php index 63c72fd99..e831edc7c 100644 --- a/php/classes/class-qsm-results-pages.php +++ b/php/classes/class-qsm-results-pages.php @@ -322,10 +322,16 @@ public static function convert_to_new_system( $quiz_id ) { } public static function sanitize_html( $html = '' ) { - + + //Decode Html + $html = htmlspecialchars_decode( $html, ENT_QUOTES ); + // Remove unwanted html tags $html = preg_replace('/<(script|form|textarea|div|body|title|svg|link|meta)[^>]*>.*?<\/\1>/is', '', $html); + // Remove styles attributes + $html = preg_replace('/(<[^>]+) style=".*?"/i', '$1', $html); + // Remove input tags $html = preg_replace('/]*>/i', '', $html);
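Review bot: The added `htmlspecialchars_decode( $html, ENT_QUOTES )` at the top of `sanitize_html()` turns entity-encoded text into live markup before filtering, and the filters that follow are a denylist, so any element or attribute the patterns do not name leaves the visible part of this function as active HTML. The new pattern `/(<[^>]+) style=".*?"/i` is also narrower than its comment says: it matches only a double-quoted `style` preceded by a single literal space, removes at most one per tag, and leaves other attributes such as event handlers alone. If this code runs under WordPress, as the file naming suggests, an allowlist call such as `$html = wp_kses( $html, $allowed_tags );` after the decode, with `$allowed_tags` defined by the plugin, would be more robust than adding further regexes. The function body continues past the end of the hunk, so a later step may already do this. If it does not, a test that passes encoded input and differently quoted attributes through `sanitize_html()` would pin the expected output.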