purify wiki page contents, fixes #4528

Closes #4528 Merge request studip/studip!3510
author: Jan-Hendrik Willms <tleilax+studip@gmail.com> 2024-10-18 08:40:13 +0000
committer: Jan-Hendrik Willms <tleilax+studip@gmail.com> 2024-10-18 08:40:13 +0000
commit: 74b6877e825b18ee964f41e113f36eb0fd6ec08b (patch)
tree: ac7832f1b7aa78d5206e2397e894af3a2e0bbd60 /app/controllers/course/wiki.php
parent: b3e8c24e1452e85c4d408fd3838b352e58a7c141 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/app/controllers/course/wiki.php b/app/controllers/course/wiki.php
index 11e6915..a204efc 100644
--- a/app/controllers/course/wiki.php
+++ b/app/controllers/course/wiki.php
@@ -615,7 +615,8 @@ class Course_WikiController extends AuthenticatedController
 
         $this->validateWikiPage($page, $this->range, true);
 
-        $page->content = \Studip\Markup::markAsHtml(trim(Request::get('content')));
+        $page->content = Studip\Markup::markAsHtml(trim(Request::get('content')));
+        $page->content = Studip\Markup::purifyHtml($page->content);
         $user = User::findCurrent();
         if ($page->isDirty()) {
             $page['user_id'] = $user->id;
author	Jan-Hendrik Willms <tleilax+studip@gmail.com>	2024-10-18 08:40:13 +0000
committer	Jan-Hendrik Willms <tleilax+studip@gmail.com>	2024-10-18 08:40:13 +0000
commit	74b6877e825b18ee964f41e113f36eb0fd6ec08b (patch)
tree	ac7832f1b7aa78d5206e2397e894af3a2e0bbd60 /app/controllers/course/wiki.php
parent	b3e8c24e1452e85c4d408fd3838b352e58a7c141 (diff)