public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 17:35:56 +00:00
Code Issues Releases Wiki Activity

sanitize: forbid "allow" attribute

Browse Source 
CSS: remove auto hyphens stuff, remove iframe width clipping to 98% because they get squished
This commit is contained in:
Andrew Dolgov
2020-05-09 12:49:19 +03:00
parent a802649d53
commit 2b55afbeec
14 changed files with 6 additions and 143 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/functions.php
View File

@@ -1357,7 +1357,7 @@
if ($_SESSION['hasSandbox']) $allowed_elements[] = 'iframe';
$disallowed_attributes = array('id', 'style', 'class', 'width', 'height');
$disallowed_attributes = array('id', 'style', 'class', 'width', 'height', 'allow');
foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_SANITIZE) as $plugin) {
$retval = $plugin->hook_sanitize($doc, $site_url, $allowed_elements, $disallowed_attributes, $article_id);