Remove href attribute if it executes JavaScript.

JustAMacUser 2016-08-06 14:07:30 -04:00
parent 4800746386
commit d8b0f06705


@ -1064,6 +1064,10 @@
array_push($attrs_to_remove, $attr);
}
if ($attr->nodeName == 'href' && stripos($attr->value, 'javascript:') === 0) {
array_push($attrs_to_remove, $attr);
}
if (in_array($attr->nodeName, $disallowed_attributes)) {
array_push($attrs_to_remove, $attr);
}
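Review bot: The added `stripos($attr->value, 'javascript:') === 0` test only matches when the value begins with the literal scheme, but browsers discard leading whitespace and control characters and ignore tabs and newlines inside the scheme when parsing a URL, so a padded value would still be kept. Normalise before comparing, e.g. `$href = preg_replace('/[\x00-\x20]+/', '', $attr->value);` and then `stripos($href, 'javascript:') === 0`, or, more robustly, keep the attribute only when its scheme is on an allowlist (`http`, `https`, `mailto`, or a relative URL). The check is also limited to `href`; whether other URL-bearing attributes such as `src` or `action` are covered by `$disallowed_attributes` is not visible here. The enclosing loop starts and ends outside the hunk.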