From e96c08cdf59cd7f05f45ec59c185303e6654f4d5 Mon Sep 17 00:00:00 2001
From: agnesthealien
Date: Fri, 3 Apr 2026 18:01:14 -0400
Subject: [PATCH] fixing some security shit
---
 lib/html_cleaner.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/html_cleaner.rb b/lib/html_cleaner.rb
index c2be06c..3ade928 100755
--- a/lib/html_cleaner.rb
+++ b/lib/html_cleaner.rb
@@ -142,7 +142,9 @@ module HtmlCleaner
 # strip img tags, optionally leaving the HTML attributes (e.g. src and alt) exposed
 def strip_images(value, keep_src: false)
- value.gsub(%r{(?:<(img .*?) ?/?>)}, keep_src ? "\\1" : "")
+ value.gsub(%r{(?:<(img .*?) ?/?>)}) do
+ keep_src ? Sanitize.clean(Regexp.last_match(1)) : ""
+ end
 end
 def strip_html_breaks_simple(value)
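Review bot: The new block sanitises only the captured text of each match, while the pattern that decides what counts as an image tag is unchanged: it is case-sensitive and `.` does not cross newlines, so an img tag written in another case or broken over several lines is left in place by both branches of `strip_images`. Adding the flags, `value.gsub(%r{(?:<(img .*?) ?/?>)}im) do`, would close that gap. With `keep_src: true` the returned string is the cleaned capture joined to untouched surrounding text, so if the result is rendered as HTML it should still pass through the same sanitiser as the rest of the field; `Sanitize.clean` is called here without a config, which presumably means the gem's default. A comment above the block such as `# the capture can contain markup of its own, so clean it before exposing it as text` and a spec covering a nested tag would record why the call is there.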