From 7ef61e7d16f460265e5c0a5c800b29674912d071 Mon Sep 17 00:00:00 2001
From: rswindell <>
Date: Sun, 15 Nov 2015 02:36:43 +0000
Subject: [PATCH] Strip &lmr; and &rlm; non-printing entities from decoded
 HTML.

---
 src/sbbs3/js_global.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/sbbs3/js_global.c b/src/sbbs3/js_global.c
index 09b6290677..152e6b2007 100644
--- a/src/sbbs3/js_global.c
+++ b/src/sbbs3/js_global.c
@@ -2299,6 +2299,10 @@ js_html_decode(JSContext *cx, uintN argc, jsval *arglist)
 			outbuf[j++]=CTRL_U;
 			continue;
 		}
+		if(strcmp(token,"lrm")==0		/* left-to-right mark, not printable */
+			|| strcmp(token,"rlm")==0)	/* right-to-left mark, not printable */
+			continue;
+
 		/* Unknown character entity, leave intact */
 		j+=sprintf(outbuf+j,"&%s;",token);
 		
-- 
GitLab