diff --git a/play.pokemonshowdown.com/js/client-mainmenu.js b/play.pokemonshowdown.com/js/client-mainmenu.js
index 08d9d05809..3106021cd6 100644
--- a/play.pokemonshowdown.com/js/client-mainmenu.js
+++ b/play.pokemonshowdown.com/js/client-mainmenu.js
@@ -132,7 +132,7 @@
 options.noMinimize = options.noMinimize || false;
 this.$pmBox[options.append ? 'append' : 'prepend']('

' + (!options.noMinimize ? '' : '') + options.title + '

' +
- options.html +
+ BattleLog.sanitizeHTML(options.html) +
 '
');
 },
diff --git a/pokemonshowdown.com/news/manage.php b/pokemonshowdown.com/news/manage.php
index 883b875068..8e11e0b222 100644
--- a/pokemonshowdown.com/news/manage.php
+++ b/pokemonshowdown.com/news/manage.php
@@ -69,6 +69,8 @@ function saveNews() {
 $summary = str_replace("[/url]", '', $summary);
 $summary = str_replace("[b]", '', $summary);
 $summary = str_replace("[/b]", '', $summary);
+ $summary = preg_replace('/\[psicon (pokemon|item|type|category)="([^\]]+)"\]/', '', $summary);
+ $summary = preg_replace('/\[psicon (pokemon|item|type|category)=([^\]]+)\]/', '', $summary);
 $summary = '
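Review bot: `options.title` is still concatenated raw into the same markup string, a few tokens before the now-sanitized `options.html`, so a title that carries markup would not pass through the new `BattleLog.sanitizeHTML` call. Whether titles can come from the same source as the HTML body is not visible in this hunk; if they can, the title should be escaped as well, e.g. `BattleLog.escapeHTML(options.title)`. The statement belongs to a function whose head is outside the hunk and parts of the string literal are not legible on this page, so any other interpolated options could not be checked from here. A short comment above the call such as `// options.html may be untrusted: sanitize before inserting into the PM box` would record why the wrapper is there.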

'.$summary.'

';
 $newsCache[$topic_id]['summary_html'] = $summary;
@@ -88,6 +90,8 @@ function saveNews() {
 $details = str_replace("[/url]", '', $details);
 $details = str_replace("[b]", '', $details);
 $details = str_replace("[/b]", '', $details);
+ $details = preg_replace('/\[psicon (pokemon|item|type|category)="([^\]]+)"\]/', '', $details);
+ $details = preg_replace('/\[psicon (pokemon|item|type|category)=([^\]]+)\]/', '', $details);
 $details = '
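Review bot: The value class `[^\]]+` in both added `preg_replace` patterns accepts quotes and angle brackets, so if the replacement interpolates the captured value into markup, that value can carry characters that end the attribute or tag it is placed in. The replacement string is not legible on this page and any earlier escaping in `saveNews()` is outside the hunk, so this is a hedge rather than a confirmed defect. Narrowing the capture, e.g. `([^"\]<>]+)` in the quoted form and the same exclusion in the unquoted one, keeps the icon name from bringing markup characters into `summary_html`. The same two lines are repeated for `$details` in the following hunk (`@@ -88,6 +90,8 @@`), so the change applies there too, and a small shared helper would keep the two copies from drifting.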

'.$details.'

';
 $newsCache[$topic_id]['details_html'] = $details;
 } else {