diff options
| author | JustAMacUser <[email protected]> | 2016-08-06 14:07:30 -0400 |
|---|---|---|
| committer | JustAMacUser <[email protected]> | 2016-08-06 14:07:30 -0400 |
| commit | d8b0f06705812ef9e4ee4b1943f53dd82743db19 (patch) | |
| tree | 7fad819ac042937d5ce97880db69199b7fdb14f5 /include | |
| parent | 48007463861d8db8b2b79c2f4f54e0564edb0ec0 (diff) | |
Remove href attribute if it executes JavaScript.
Diffstat (limited to 'include')
| -rw-r--r-- | include/functions2.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/include/functions2.php b/include/functions2.php index aab73d342..dceea507e 100644 --- a/include/functions2.php +++ b/include/functions2.php @@ -1064,6 +1064,10 @@ array_push($attrs_to_remove, $attr); } + if ($attr->nodeName == 'href' && stripos($attr->value, 'javascript:') === 0) { + array_push($attrs_to_remove, $attr); + } + if (in_array($attr->nodeName, $disallowed_attributes)) { array_push($attrs_to_remove, $attr); } |