sanitize: disallow width and height attributes for images

author Andrew Dolgov <noreply@fakecake.org>

Sun, 11 Feb 2018 13:47:19 +0000 (16:47 +0300)

committer Andrew Dolgov <noreply@fakecake.org>

Sun, 11 Feb 2018 13:47:19 +0000 (16:47 +0300)
author Andrew Dolgov <noreply@fakecake.org>
Sun, 11 Feb 2018 13:47:19 +0000 (16:47 +0300)
committer Andrew Dolgov <noreply@fakecake.org>
Sun, 11 Feb 2018 13:47:19 +0000 (16:47 +0300)
diff --git a/include/functions.php b/include/functions.php

index ebf4021ae627d39261932771d43b2bc816557795..efa4ec8e7d5bc8d4cee7443a266bf638f5ddb3d5 100755 (executable)
--- a/include/functions.php
+++ b/include/functions.php
@@ -1587,6 +1587,9 @@
                         if ($entry->nodeName == 'img') {
                                 $entry->setAttribute('referrerpolicy', 'no-referrer');
  
+                               $entry->removeAttribute('width');
+                               $entry->removeAttribute('height');
+
                                 if ($entry->hasAttribute('src')) {
                                         $is_https_url = parse_url($entry->getAttribute('src'), PHP_URL_SCHEME) === 'https';
author	Andrew Dolgov <noreply@fakecake.org>
	Sun, 11 Feb 2018 13:47:19 +0000 (16:47 +0300)
committer	Andrew Dolgov <noreply@fakecake.org>
	Sun, 11 Feb 2018 13:47:19 +0000 (16:47 +0300)