mirror of
https://github.com/FreshRSS/FreshRSS.git
synced 2025-12-24 05:57:45 -05:00
Strip more styles attributes (#7606)
Strip `bgcolor`, `text`, `background`, `link`, `alink`, `vlink` fix https://github.com/FreshRSS/FreshRSS/issues/7604
This commit is contained in:
Alexandre Alapetite
committed by
GitHub
GitHub
parent
648eddaf13
commit
5f45df3168
@@ -344,10 +344,12 @@ function customSimplePie(array $attributes = [], array $curl_options = []): \Sim
|
||||
]);
|
||||
$simplePie->rename_attributes(['id', 'class']);
|
||||
$simplePie->strip_attributes(array_merge($simplePie->strip_attributes, [
|
||||
'autoplay', 'class', 'form', 'formaction',
|
||||
'onload', 'onunload', 'onclick', 'ondblclick', 'onmousedown', 'onmouseup',
|
||||
'onmouseover', 'onmousemove', 'onmouseout', 'onfocus', 'onblur',
|
||||
'onkeypress', 'onkeydown', 'onkeyup', 'onselect', 'onchange', 'seamless', 'sizes', 'srcdoc', 'srcset']));
|
||||
'alink', 'autoplay', 'background', 'bgcolor', 'class', 'form', 'formaction',
|
||||
'link', 'onblur', 'onchange', 'onclick', 'ondblclick', 'onfocus',
|
||||
'onkeydown', 'onkeypress', 'onkeyup', 'onload', 'onmousedown', 'onmousemove',
|
||||
'onmouseout', 'onmouseover', 'onmouseup', 'onselect', 'onunload',
|
||||
'seamless', 'sizes', 'srcdoc', 'srcset', 'text', 'vlink',
|
||||
]));
|
||||
$simplePie->add_attributes([
|
||||
'audio' => ['controls' => 'controls', 'preload' => 'none'],
|
||||
'iframe' => [
|
||||
|
||||
Reference in New Issue
Block a user