Remove href attribute if it executes JavaScript.
This commit is contained in:
parent
4800746386
commit
d8b0f06705
1 changed files with 4 additions and 0 deletions
|
@ -1064,6 +1064,10 @@
|
|||
array_push($attrs_to_remove, $attr);
|
||||
}
|
||||
|
||||
if ($attr->nodeName == 'href' && stripos($attr->value, 'javascript:') === 0) {
|
||||
array_push($attrs_to_remove, $attr);
|
||||
}
|
||||
|
||||
if (in_array($attr->nodeName, $disallowed_attributes)) {
|
||||
array_push($attrs_to_remove, $attr);
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue