author | Andrew Dolgov <[email protected]> | 2020-05-09 12:49:19 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2020-05-09 12:49:19 +0300 |
commit | 2b55afbeec840beb127bb9b836cd957d9e246042 (patch) | |
tree | b4852bc51abf7cd7ad9290bb352e995579712fa2 /include/functions.php | |
parent | a802649d5397da0bdeaceddf3a9a38093053bcba (diff) |
sanitize: forbid "allow" attribute
CSS: remove auto hyphens stuff, remove iframe width clipping to 98% because they get squished
Diffstat (limited to 'include/functions.php')
-rw-r--r-- | include/functions.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/functions.php b/include/functions.php
index 64c2074cd..707a87e94 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -1357,7 +1357,7 @@
 if ($_SESSION['hasSandbox']) $allowed_elements[] = 'iframe';
- $disallowed_attributes = array('id', 'style', 'class', 'width', 'height');
+ $disallowed_attributes = array('id', 'style', 'class', 'width', 'height', 'allow');
 foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_SANITIZE) as $plugin) {
 $retval = $plugin->hook_sanitize($doc, $site_url, $allowed_elements, $disallowed_attributes, $article_id); |
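Review bot: `$disallowed_attributes` is still a denylist, so adding `'allow'` on the new line closes only that one way for feed markup to hand browser features (camera, microphone, geolocation and similar) to an embedded frame; other iframe-specific attributes such as `srcdoc`, `allowfullscreen` and `allowpaymentrequest` remain absent from the array. Whether those are stripped or neutralised later cannot be seen here, because the enclosing function starts and ends outside the hunk, so please confirm and, if they are not, extend the list or move to a per-element allowlist of attributes. The array is also handed to every `HOOK_SANITIZE` plugin, which presumably can modify it, so re-applying the core entries after the hook loop would keep a plugin from undoing the restriction. A short comment above the line would help the next reader: `// 'allow' delegates browser permissions to the framed document; never accept it from feed content`.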