parser to the rescue to secure the content this returns- no js in html please

author Gabriel Wicke <gwicke@users.mediawiki.org>

Wed, 28 Apr 2004 21:01:09 +0000 (21:01 +0000)

committer Gabriel Wicke <gwicke@users.mediawiki.org>

Wed, 28 Apr 2004 21:01:09 +0000 (21:01 +0000)
author Gabriel Wicke <gwicke@users.mediawiki.org>
Wed, 28 Apr 2004 21:01:09 +0000 (21:01 +0000)
committer Gabriel Wicke <gwicke@users.mediawiki.org>
Wed, 28 Apr 2004 21:01:09 +0000 (21:01 +0000)
diff --git a/includes/RawPage.php b/includes/RawPage.php

index 7aaa9e8..56662fa 100644 (file)
--- a/includes/RawPage.php
+++ b/includes/RawPage.php
@@ -27,10 +27,14 @@ class RawPage {
                 header( "Content-type: ".$this->mContentType.'; charset='.$this->mCharset );
                 # allow the client to cache this for 24 hours
                 header( 'Cache-Control: s-maxage=0, max-age=86400' );
-               echo $this->getrawtext();
+               $parser=new Parser();
+               $raw = $this->getrawtext();
+               echo $parser->removeHTMLtags( $raw );
                 wfAbruptExit();
         }
  
+
+       
         function getrawtext () {
                 global $wgInputEncoding, $wgLang;
                 if( !$this->mTitle ) return '';
author	Gabriel Wicke <gwicke@users.mediawiki.org>
	Wed, 28 Apr 2004 21:01:09 +0000 (21:01 +0000)
committer	Gabriel Wicke <gwicke@users.mediawiki.org>
	Wed, 28 Apr 2004 21:01:09 +0000 (21:01 +0000)