diff options
| author | Andrew Dolgov <[email protected]> | 2018-02-11 16:47:19 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2018-02-11 16:47:19 +0300 |
| commit | 8babb8e75a0fd0195fc28c915bc5e21a7814f77b (patch) | |
| tree | 664d97c58f74693450bce58edd86b34192725fdd /include | |
| parent | 2eaf2a1f3647b2593513db1dc823ad26ee4082d0 (diff) | |
sanitize: disallow width and height attributes for images
Diffstat (limited to 'include')
| -rwxr-xr-x | include/functions.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/include/functions.php b/include/functions.php index ebf4021ae..efa4ec8e7 100755 --- a/include/functions.php +++ b/include/functions.php @@ -1587,6 +1587,9 @@ if ($entry->nodeName == 'img') { $entry->setAttribute('referrerpolicy', 'no-referrer'); + $entry->removeAttribute('width'); + $entry->removeAttribute('height'); + if ($entry->hasAttribute('src')) { $is_https_url = parse_url($entry->getAttribute('src'), PHP_URL_SCHEME) === 'https'; |