Fix xss though the description in the info.xml file of a theme or module

forkcms · Mar 23, 2022 · 981730f · 981730f
1 parent 1b38e33
commit 981730f
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/Backend/Modules/Extensions/Engine/Model.php b/src/Backend/Modules/Extensions/Engine/Model.php
@@ -839,7 +839,7 @@ public static function processModuleXml(\SimpleXMLElement $xml): array
         $information['name'] = (string) $module->name;
         $information['version'] = (string) $module->version;
         $information['requirements'] = (array) $module->requirements;
-        $information['description'] = (string) $module->description;
+        $information['description'] = strip_tags((string) $module->description, '<h1><h2><h3><h4><h5><h6><p><li><a>');
         $information['cronjobs'] = [];
 
         // authors
@@ -900,7 +900,7 @@ public static function processThemeXml(\SimpleXMLElement $xml): array
         $information['version'] = (string) $theme->version;
         $information['requirements'] = (array) $theme->requirements;
         $information['thumbnail'] = (string) $theme->thumbnail;
-        $information['description'] = (string) $theme->description;
+        $information['description'] = strip_tags((string) $theme->description, '<h1><h2><h3><h4><h5><h6><p><li><a>');
 
         // authors
         foreach ($xml->xpath('/theme/authors/author') as $author) {