-rw-r--r--includes/common.inc8
1 files changed, 6 insertions, 2 deletions
diff --git a/includes/common.inc b/includes/common.inc
index 9b9f8b76c4c..00d1ca0e565 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -659,7 +659,11 @@ function format_rss_channel($title, $link, $description, $items, $language = 'en
$output = "<channel>\n";
$output .= ' <title>'. check_plain($title) ."</title>\n";
$output .= ' <link>'. check_url($link) ."</link>\n";
- $output .= ' <description>'. check_plain($description) ."</description>\n";
+
+ // The RSS 2.0 "spec" doesn't indicate HTML can be used in the description.
+ // We strip all HTML tags, but need to prevent double encoding from properly
+ // escaped source data (such as &amp becoming &amp;amp;).
+ $output .= ' <description>'. check_plain(decode_entities(strip_tags($description))) ."</description>\n";
$output .= ' <language>'. check_plain($language) ."</language>\n";
foreach ($args as $key => $value) {
$output .= ' <'. $key .'>'. check_plain($value) ."</$key>\n";
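Review bot: The new `<description>` line is only safe because of its call order, and the added comment does not say so. decode_entities() runs after strip_tags(), so entity-encoded markup in the source (for example `&lt;b&gt;`) becomes literal tags again, and only the outer check_plain() stops it reaching the feed as markup. I would add `// check_plain() must stay outermost: decode_entities() can re-create tags that strip_tags() never saw.` above the line so a later refactor does not reorder or drop it. Separately, strip_tags() is not a parser and may drop text after a bare `<` in a plain-text description (such as a comparison), which is worth confirming against real channel descriptions. The example in the comment should read `&amp;` rather than `&amp`; format_rss_channel's body starts and ends outside this hunk.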
@@ -1339,4 +1343,4 @@ function page_set_cache() {
}
}
}
-} \ No newline at end of file
+}