X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=include%2Ffunctions2.php;h=dceea507ee882ccbc6f15935c1a959ad7795ad26;hb=d8b0f06705812ef9e4ee4b1943f53dd82743db19;hp=aab73d34291f61ab4ca903723734623fdfe6e947;hpb=48007463861d8db8b2b79c2f4f54e0564edb0ec0;p=tt-rss.git

diff --git a/include/functions2.php b/include/functions2.php
index aab73d34..dceea507 100644
--- a/include/functions2.php
+++ b/include/functions2.php
@@ -1064,6 +1064,10 @@
 						array_push($attrs_to_remove, $attr);
 					}
 
+					if ($attr->nodeName == 'href' && stripos($attr->value, 'javascript:') === 0) {
+						array_push($attrs_to_remove, $attr);
+					}
+
 					if (in_array($attr->nodeName, $disallowed_attributes)) {
 						array_push($attrs_to_remove, $attr);
 					}