diff options
Diffstat (limited to 'inc')
| -rw-r--r-- | inc/DifferenceEngine.php | 2 | ||||
| -rw-r--r-- | inc/subscription.php | 4 |
2 files changed, 4 insertions, 2 deletions
diff --git a/inc/DifferenceEngine.php b/inc/DifferenceEngine.php index e0fbf8e03..783d6bea5 100644 --- a/inc/DifferenceEngine.php +++ b/inc/DifferenceEngine.php @@ -1004,6 +1004,8 @@ class InlineWordLevelDiff extends MappedDiff { * "Unified" diff formatter. * * This class formats the diff in classic "unified diff" format. + * + * NOTE: output is plain text and unsafe for use in HTML without escaping. */ class UnifiedDiffFormatter extends DiffFormatter { diff --git a/inc/subscription.php b/inc/subscription.php index 2989de032..4248e4b11 100644 --- a/inc/subscription.php +++ b/inc/subscription.php @@ -408,8 +408,8 @@ class Subscription { $tdiff = $dformat->format($df); $DIFF_INLINESTYLES = true; - $df = new Diff(explode("\n", hsc($old_content)), - explode("\n", hsc($new_content))); + $df = new Diff(explode("\n", $old_content), + explode("\n", $new_content)); $dformat = new InlineDiffFormatter(); $hdiff = $dformat->format($df); $hdiff = '<table>'.$hdiff.'</table>'; |