mirror/FreshRSS
0
0
Fork 0
mirror of https://github.com/FreshRSS/FreshRSS.git synced 2026-05-19 22:04:50 -04:00
Code Issues Packages Projects Releases Wiki Activity

SimplePie forbit formaction attribute (#7506)

Browse Source 
Sanitize buttons with a form or formaction attribute.
This commit is contained in:
Alexandre Alapetite
2025-04-13 00:01:09 +02:00
committed by GitHub
parent be73c6d669
commit f58dea6a5a
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/lib_rss.php
View File

@@ -348,7 +348,8 @@ function customSimplePie(array $attributes = [], array $curl_options = []): \Sim
]);
$simplePie->rename_attributes(['id', 'class']);
$simplePie->strip_attributes(array_merge($simplePie->strip_attributes, [
'autoplay', 'class', 'onload', 'onunload', 'onclick', 'ondblclick', 'onmousedown', 'onmouseup',
'autoplay', 'class', 'form', 'formaction',
'onload', 'onunload', 'onclick', 'ondblclick', 'onmousedown', 'onmouseup',
'onmouseover', 'onmousemove', 'onmouseout', 'onfocus', 'onblur',
'onkeypress', 'onkeydown', 'onkeyup', 'onselect', 'onchange', 'seamless', 'sizes', 'srcdoc', 'srcset']));
$simplePie->add_attributes([