From 036ea43e4fb2cb21de7893ae3a37f8525986a8f9 Mon Sep 17 00:00:00 2001
From: Teromene
Date: Fri, 26 Feb 2016 18:17:48 +0000
Subject: [PATCH 1/2] Modified HTMLUtils, corrected few bugs.
---
 lib/HTMLUtils.php | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/lib/HTMLUtils.php b/lib/HTMLUtils.php
index 4e6b5e24..cb1bc0b6 100644
--- a/lib/HTMLUtils.php
+++ b/lib/HTMLUtils.php
@@ -158,16 +158,16 @@ class HTMLSanitizer {
 var $onlyKeepText;
- public static $DEFAULT_CLEAR_TAGS = ["script", "iframe"];
+ public static $DEFAULT_CLEAR_TAGS = ["script", "iframe", "input", "form"];
 public static $KEPT_ATTRIBUTES = ["title", "href", "src"];
- const ONLY_TEXT = null;
+ public static $ONLY_TEXT = [];
- function __construct($tags_to_remove = HTMLSanitizer::DEFAULT_CLEAR_TAGS, $kept_attributes = HTMLSanitizer::KEPT_ATTRIBUTES, $only_keep_text = HTMLSanitizer::ONLY_TEXT) {
+ function __construct($tags_to_remove = null, $kept_attributes = null, $only_keep_text = null) {
- $this->tagsToRemove = $tags_to_remove;
- $this->keptAttributes = $kept_attributes;
- $this->onlyKeepText = $only_keep_text;
+ $this->tagsToRemove = $tags_to_remove == null ? HTMLSanitizer::$DEFAULT_CLEAR_TAGS : $tags_to_remove;
+ $this->keptAttributes = $kept_attributes == null ? HTMLSanitizer::$KEPT_ATTRIBUTES : $kept_attributes;
+ $this->onlyKeepText = $only_keep_text == null ? HTMLSanitizer::$ONLY_TEXT : $only_keep_text;
 }
@@ -175,7 +175,7 @@ class HTMLSanitizer {
 $htmlContent = str_get_html($textToSanitize);
- foreach($htmlContent->find('*[!j_ai_pas_trouve_comment_tout_demander]') as $element) {
+ foreach($htmlContent->find('*[!vive_les_chapeaux]') as $element) {
 if(in_array($element->tag, $this->onlyKeepText)) {
 $element->outertext = $element->plaintext;
 } else if(in_array($element->tag, $this->tagsToRemove)) {
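Review bot: The loose `== null` tests in the new `__construct` body treat an empty array the same as an omitted argument, because `[] == null` is true in PHP. A caller that passes `[]` for `$kept_attributes`, presumably to have every attribute stripped, silently gets the default `["title", "href", "src"]` back, so the strictest policy a caller can request is replaced by one that keeps `href` and `src`. Use an identity check on each of the three assignments, e.g. `$this->keptAttributes = $kept_attributes === null ? HTMLSanitizer::$KEPT_ATTRIBUTES : $kept_attributes;`. A short comment above the constructor saying that `null` means "use the class default" and `[]` means "empty list" would make the contract explicit.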
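Review bot: The `find('*[!vive_les_chapeaux]')` selector in the `@@ -175,7` hunk returns only elements that do not carry that attribute, so an element in `$textToSanitize` that does carry it is never visited by this loop and would skip the `onlyKeepText` / `tagsToRemove` handling. PATCH 2/2 replaces the name with a fixed hex string in the same line, but the name is still a constant in the source, so the gap is unchanged there. Node selection in a sanitizer should not depend on anything the input can contain: either walk every element directly (recursing over `children()` if the parser's plain `*` selector does not descend), or at minimum build the marker per call, e.g. `$marker = 'x' . bin2hex(openssl_random_pseudo_bytes(16));` followed by `foreach($htmlContent->find("*[!$marker]") as $element) {`. The loop body continues outside the hunk, so the attribute filtering it performs is not visible here.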
@@ -192,10 +192,12 @@ class HTMLSanitizer {
 }
 public static function defaultImageSrcTo($content, $server) {
 foreach($content->find('img') as $image) {
- if(strpos($image->src, '/')==0) {
+
+ if(strpos($image->src, "http") == NULL && strpos($image->src, "//") == NULL && strpos($image->src, "data:") == NULL) {
 $image->src = $server.$image->src;
- }
+ }
 }
+ return $content;
 }
 }
From 1c1bcc20ffb1623fc426b3ad7199155647a5f350 Mon Sep 17 00:00:00 2001
From: Teromene
Date: Fri, 26 Feb 2016 18:31:53 +0000
Subject: [PATCH 2/2] Changed the antiselector to be less likely to happen.
---
 lib/HTMLUtils.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/HTMLUtils.php b/lib/HTMLUtils.php
index cb1bc0b6..1e2f0f78 100644
--- a/lib/HTMLUtils.php
+++ b/lib/HTMLUtils.php
@@ -175,7 +175,7 @@ class HTMLSanitizer {
 $htmlContent = str_get_html($textToSanitize);
- foreach($htmlContent->find('*[!vive_les_chapeaux]') as $element) {
+ foreach($htmlContent->find('*[!b38fd2b1fe7f4747d6b1c1254ccd055e]') as $element) {
 if(in_array($element->tag, $this->onlyKeepText)) {
 $element->outertext = $element->plaintext;
 } else if(in_array($element->tag, $this->tagsToRemove)) {
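Review bot: In `defaultImageSrcTo`, `strpos(...) == NULL` is true both when the needle is absent (`false`) and when it is found at offset 0, so the new condition does the opposite of a prefix test. A `src` that already starts with `http`, `//` or `data:` still gets `$server` prepended, while a relative path that merely contains `http` or `//` later in the string is left unprefixed. The check that matches the apparent intent is a strict comparison against offset 0: `if(strpos($image->src, "http") !== 0 && strpos($image->src, "//") !== 0 && strpos($image->src, "data:") !== 0) {`. A one-line comment listing which URL forms are deliberately left untouched would also help.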