From: Andrew Dolgov <noreply@fakecake.org>
Date: Fri, 30 Nov 2018 12:02:01 +0000 (+0300)
Subject: strip_harmful_tags: remove data- attributes
X-Git-Tag: 18.12~6
X-Git-Url: https://git.wh0rd.org/?p=tt-rss.git;a=commitdiff_plain;h=50052fb78a3a9d1bb3fa488e7fd7b23125c38124

strip_harmful_tags: remove data- attributes
---

diff --git a/include/functions.php b/include/functions.php
index 1dd9a7a1..9125df3b 100755
--- a/include/functions.php
+++ b/include/functions.php
@@ -1761,6 +1761,10 @@
 						array_push($attrs_to_remove, $attr);
 					}
 
+					if (strpos($attr->nodeName, "data-") === 0) {
+						array_push($attrs_to_remove, $attr);
+					}
+
 					if ($attr->nodeName == 'href' && stripos($attr->value, 'javascript:') === 0) {
 						array_push($attrs_to_remove, $attr);
 					}