From 2b55afbeec840beb127bb9b836cd957d9e246042 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Sat, 9 May 2020 12:49:19 +0300
Subject: sanitize: forbid "allow" attribute CSS: remove auto hyphens stuff, remove iframe width clipping to 98% because they get squished
---
 include/functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/functions.php')
diff --git a/include/functions.php b/include/functions.php
index 64c2074cd..707a87e94 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -1357,7 +1357,7 @@
 if ($_SESSION['hasSandbox']) $allowed_elements[] = 'iframe';
- $disallowed_attributes = array('id', 'style', 'class', 'width', 'height');
+ $disallowed_attributes = array('id', 'style', 'class', 'width', 'height', 'allow');
 foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_SANITIZE) as $plugin) {
 $retval = $plugin->hook_sanitize($doc, $site_url, $allowed_elements, $disallowed_attributes, $article_id);
--
cgit v1.2.3
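Review bot: The added `$disallowed_attributes` line is a denylist, so forbidding `allow` still lets feed markup carry `srcdoc`, which supplies an iframe's document inline and takes precedence over `src`, unless code outside this hunk strips it; since the first context line admits `iframe` when `hasSandbox` is set, I would extend the line to `$disallowed_attributes = array('id', 'style', 'class', 'width', 'height', 'allow', 'srcdoc');`. A one-line comment above it, e.g. `// 'allow' would let feed markup grant permissions-policy features (camera, microphone, ...) to embedded frames`, would record why the entry exists so it is not dropped later. The list is also passed to every `HOOK_SANITIZE` plugin on the following lines, and how `$retval` is applied is not visible here, so it is worth confirming that a plugin returning its own list cannot silently remove these entries. The enclosing function starts and ends outside the hunk.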