Remove href attribute if it executes JavaScript.

author JustAMacUser <donotreply@example.org>

Sat, 6 Aug 2016 18:07:30 +0000 (14:07 -0400)

committer JustAMacUser <donotreply@example.org>

Sat, 6 Aug 2016 18:07:30 +0000 (14:07 -0400)
author JustAMacUser <donotreply@example.org>
Sat, 6 Aug 2016 18:07:30 +0000 (14:07 -0400)
committer JustAMacUser <donotreply@example.org>
Sat, 6 Aug 2016 18:07:30 +0000 (14:07 -0400)
diff --git a/include/functions2.php b/include/functions2.php

index aab73d34291f61ab4ca903723734623fdfe6e947..dceea507ee882ccbc6f15935c1a959ad7795ad26 100644 (file)
--- a/include/functions2.php
+++ b/include/functions2.php
@@ -1064,6 +1064,10 @@
                                                 array_push($attrs_to_remove, $attr);
                                         }
  
+                                       if ($attr->nodeName == 'href' && stripos($attr->value, 'javascript:') === 0) {
+                                               array_push($attrs_to_remove, $attr);
+                                       }
+
                                         if (in_array($attr->nodeName, $disallowed_attributes)) {
                                                 array_push($attrs_to_remove, $attr);
                                         }
author	JustAMacUser <donotreply@example.org>
	Sat, 6 Aug 2016 18:07:30 +0000 (14:07 -0400)
committer	JustAMacUser <donotreply@example.org>
	Sat, 6 Aug 2016 18:07:30 +0000 (14:07 -0400)