From: Andrew Dolgov <noreply@fakecake.org>
Date: Sun, 11 Feb 2018 13:47:19 +0000 (+0300)
Subject: sanitize: disallow width and height attributes for images
X-Git-Tag: 18.8~65^2
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;ds=sidebyside;h=8babb8e75a0fd0195fc28c915bc5e21a7814f77b;p=tt-rss.git

sanitize: disallow width and height attributes for images
---

diff --git a/include/functions.php b/include/functions.php
index ebf4021a..efa4ec8e 100755
--- a/include/functions.php
+++ b/include/functions.php
@@ -1587,6 +1587,9 @@
 			if ($entry->nodeName == 'img') {
 				$entry->setAttribute('referrerpolicy', 'no-referrer');
 
+				$entry->removeAttribute('width');
+				$entry->removeAttribute('height');
+
 				if ($entry->hasAttribute('src')) {
 					$is_https_url = parse_url($entry->getAttribute('src'), PHP_URL_SCHEME) === 'https';