From 8566183f0d7c417a27d633afab48aaf6272847c2 Mon Sep 17 00:00:00 2001
From: chicpro
Date: Tue, 20 Oct 2015 11:05:30 +0900
Subject: [PATCH] =?UTF-8?q?XSS=EC=B7=A8=EC=95=BD=EC=A0=90=EA=B4=80?= =?UTF-8?q?=EB=A0=A8=20object=20=ED=83=9C=EA=B7=B8=20=ED=97=88=EC=9A=A9?= =?UTF-8?q?=EC=84=A4=EC=A0=95=20=EB=B3=80=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 lib/common.lib.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/common.lib.php b/lib/common.lib.php
index dfb55be26..8313f6e18 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -562,8 +562,9 @@ function html_purifier($html)
 $config = HTMLPurifier_Config::createDefault();
 // data/cache 디렉토리에 CSS, HTML, URI 디렉토리 등을 만든다.
 $config->set('Cache.SerializerPath', G5_DATA_PATH.'/cache');
- $config->set('HTML.SafeEmbed', true);
- $config->set('HTML.SafeObject', true);
+ $config->set('HTML.SafeEmbed', false);
+ $config->set('HTML.SafeObject', false);
+ $config->set('Output.FlashCompat', false);
 $config->set('HTML.SafeIframe', true);
 $config->set('URI.SafeIframeRegexp','%^(https?:)?//('.$safeiframe.')%');
 $config->set('Attr.AllowedFrameTargets', array('_blank'));
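Review bot: With embed/object now disabled, iframe is the only active-content path this function still allows, and the retained `URI.SafeIframeRegexp` line is a start-anchored prefix match with no terminator after the host group, so if `$safeiframe` is a plain host alternation (it is built outside this hunk — confirm) a URL such as `https://<allowed-host>.attacker.example/` still matches. Terminating the host would close that gap: `$config->set('URI.SafeIframeRegexp','%^(https?:)?//('.$safeiframe.')(/|$)%');`, and any `.` in `$safeiframe` should be escaped at the point it is built, or it matches any character. The three new lines also deserve a why-comment so nobody re-enables them for convenience, e.g. `// object/embed are disabled: HTMLPurifier's SafeObject/SafeEmbed allow-lists have been used for XSS; iframe (below) is the only permitted embed path`; note that `Output.FlashCompat` only has an effect when `HTML.SafeObject` is on, so setting it to false is belt-and-braces rather than a change in behaviour. The body of html_purifier continues past the end of this hunk.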