From 78b0bcc19ad3aba0e1e10d7441290a8af82e63bf Mon Sep 17 00:00:00 2001
From: Bernhard Posselt <nukeawhale@gmail.com>
Date: Tue, 6 Aug 2013 13:56:32 +0200
Subject: move sanitation of urls to the serverside code to also provide
 security for clients, fix #151

---
 templates/part.items.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'templates')

diff --git a/templates/part.items.php b/templates/part.items.php
index f9fc3805f..9a067cf6e 100644
--- a/templates/part.items.php
+++ b/templates/part.items.php
@@ -22,7 +22,7 @@
 		<h1 class="item_heading">{{ item.title }}</h1>
 		<h1 class="item_title">
 			<a ng-click="itemBusinessLayer.setRead(item.id)"
-				target="_blank" ng-href="{{ item.url|ocSanitizeURL }}">
+				target="_blank" ng-href="{{ item.url }}">
 				{{ item.title }}
 			</a>
 		</h1>
@@ -30,7 +30,7 @@
 		<h2 class="item_author">
 			<span ng-show="itemBusinessLayer.noFeedActive() && feedBusinessLayer.getFeedLink(item.feedId)">
 				<?php p($l->t('from')) ?>
-				<a 	target="_blank" ng-href="{{ feedBusinessLayer.getFeedLink(item.feedId)|ocSanitizeURL }}"
+				<a 	target="_blank" ng-href="{{ feedBusinessLayer.getFeedLink(item.feedId) }}"
 					class="from_feed">{{ itemBusinessLayer.getFeedTitle(item.id) }}</a>
 			</span>
 			<span ui-if="item.author">
-- 
cgit v1.2.3