blallo/tt-rss
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

sanitize: disallow width and height attributes for images

Browse source
This commit is contained in:
Andrew Dolgov 2018-02-11 16:47:19 +03:00
parent 2eaf2a1f36
commit 8babb8e75a
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
include/functions.php
View file

@ -1587,6 +1587,9 @@
if ($entry->nodeName == 'img') {
$entry->setAttribute('referrerpolicy', 'no-referrer');
$entry->removeAttribute('width');
$entry->removeAttribute('height');
if ($entry->hasAttribute('src')) {
$is_https_url = parse_url($entry->getAttribute('src'), PHP_URL_SCHEME) === 'https';